bolt 2.9.0 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed1409405ce8a0e0367aea1cb1b7e2d194546c594b96932288c9ae81cef73209
-  data.tar.gz: 0cfb52ce0dbeffb427988da5e3e338649d2f65defbeef133f01c745802661ac6
+  metadata.gz: 4f0e265eb792ba38e627651fad94478a4acbcbf7576912b95f6eaa0b234e6957
+  data.tar.gz: ad28f917ac186069e61300142dad31373b4a09dd484a3d131962d383b803d43a
 SHA512:
-  metadata.gz: 986a57cd4c6b101ce69f11dec9b6f95212129c2930aded3d0b0c0d8243bcf98ef66b981af0398ecb79cea291603483057c3df7f82e56fa6ab40f7981f4f7ae0d
-  data.tar.gz: 9ff02c10dd26709f6027c2d9ab45b051d67c0de62c87abe974faee9db28cf2ddde9e086f8cf83e2765bf43e1ff64690d849ad7e032fdc3cbce9990680f5f55f9
+  metadata.gz: 9b915748121d6081207a1afac60768008fc752f545ca722c403b58efbb96303417d3add08d8aaf1fd299770fd1202461f2759224b7bdf19592a9f6e5c277705c
+  data.tar.gz: 5c25c74ee7e7f7c39e1eb125e5b39fb0fcbefceb6ede50b8c364cacb19bf1eb20cd70dc80d24422e9590d8d8720b7fc25b3b98e147c4c4dee646ffc441d7154b

data/Puppetfile

@@ -6,7 +6,7 @@ moduledir File.join(File.dirname(__FILE__), 'modules')
 
 # Core modules used by 'apply'
 mod 'puppetlabs-service', '1.2.0'
-mod 'puppetlabs-puppet_agent', '3.0.2'
+mod 'puppetlabs-puppet_agent', '3.2.0'
 mod 'puppetlabs-facts', '1.0.0'
 
 # Core types and providers for Puppet 6

data/bolt-modules/boltlib/lib/puppet/datatypes/resourceinstance.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+Puppet::DataTypes.create_type('ResourceInstance') do
+  interface <<-PUPPET
+    attributes => {
+      'target'        => Target,
+      'type'          => Variant[String[1], Type[Resource]],
+      'title'         => String[1],
+      'state'         => Optional[Hash[String[1], Data]],
+      'desired_state' => Optional[Hash[String[1], Data]],
+      'events'        => Optional[Array[Hash[String[1], Data]]]
+    },
+    functions => {
+      add_event               => Callable[[Hash[String[1], Data]], [Hash[String[1], Data]]],
+      set_state               => Callable[[Hash[String[1], Data]], Hash[String[1], Data]],
+      overwrite_state         => Callable[[Hash[String[1], Data]], Hash[String[1], Data]],
+      set_desired_state       => Callable[[Hash[String[1], Data]], Hash[String[1], Data]],
+      overwrite_desired_state => Callable[[Hash[String[1], Data]], Hash[String[1], Data]],
+      reference               => Callable[[], String]
+    }
+  PUPPET
+
+  load_file('bolt/resource_instance')
+  # Needed for Puppet to recognize Bolt::ResourceInstance as a Puppet object when deserializing
+  Bolt::ResourceInstance.include(Puppet::Pops::Types::PuppetObject)
+  implementation_class Bolt::ResourceInstance
+end

data/bolt-modules/boltlib/lib/puppet/datatypes/target.rb

@@ -20,7 +20,8 @@ Puppet::DataTypes.create_type('Target') do
       vars => { type => Optional[Hash[String[1], Data]], kind => given_or_derived },
       facts => { type => Optional[Hash[String[1], Data]], kind => given_or_derived },
       features => { type => Optional[Array[String[1]]], kind => given_or_derived },
-      plugin_hooks => { type => Optional[Hash[String[1], Data]], kind => given_or_derived }
+      plugin_hooks => { type => Optional[Hash[String[1], Data]], kind => given_or_derived },
+      resources => { type => Optional[Hash[String[1], ResourceInstance]], kind => given_or_derived }
     },
     functions => {
       host => Callable[[], Optional[String]],

data/bolt-modules/boltlib/lib/puppet/functions/set_resources.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# Sets one or more ResourceInstances on a Target. This function does not apply or modify
+# resources on a target.
+#
+# For more information about resources see [the
+# documentation](https://puppet.com/docs/puppet/latest/lang_resources.html).
+#
+# > **Note:** The `ResourceInstance` data type is under active development and is subject to
+#   change. You can read more about the data type in the [experimental features
+#   documentation](experimental_features.md#resourceinstance-data-type).
+#
+# > **Note:** Not available in apply block
+Puppet::Functions.create_function(:set_resources) do
+  # Set multiple resources
+  # @param target The `Target` object to add resources to. See {get_targets}.
+  # @param resources The resources to set on the target.
+  # @return The added `ResourceInstance` objects.
+  # @example Add multiple resources to a target with an array of `ResourceInstance` objects.
+  #   $resource1 = ResourceInstance.new(
+  #     'target' => $target,
+  #     'type'   => 'file',
+  #     'title'  => '/etc/puppetlabs',
+  #     'state'  => { 'ensure' => 'present' }
+  #   )
+  #   $resource2 = ResourceInstance.new(
+  #     'target' => $target,
+  #     'type'   => 'package',
+  #     'title'  => 'openssl',
+  #     'state'  => { 'ensure' => 'installed' }
+  #   )
+  #   $target.set_resources([$resource1, $resource2])
+  # @example Add resources retrieved with [`get_resources`](#get_resources) to a target.
+  #   $target.apply_prep
+  #   $resources = $target.get_resources(Package).first['resources']
+  #   $target.set_resources($resources)
+  dispatch :set_resources do
+    param 'Target', :target
+    param 'Array[Variant[Hash, ResourceInstance]]', :resources
+    return_type 'Array[ResourceInstance]'
+  end
+
+  # Set a single resource
+  # @param target The `Target` object to add resources to. See {get_targets}.
+  # @param resource The resource to set on the target.
+  # @return The added `ResourceInstance` object.
+  # @example Add a single resource to a target with a resource data hash.
+  #   $resource = {
+  #     'type'  => 'file',
+  #     'title' => '/etc/puppetlabs',
+  #     'state' => { 'ensure' => 'present' }
+  #   }
+  #   $target.set_resources($resource)
+  dispatch :set_resource do
+    param 'Target', :target
+    param 'Variant[Hash, ResourceInstance]', :resource
+    return_type 'Array[ResourceInstance]'
+  end
+
+  def set_resources(target, resources)
+    unless Puppet[:tasks]
+      raise Puppet::ParseErrorWithIssue
+        .from_issue_and_stack(
+          Bolt::PAL::Issues::PLAN_OPERATION_NOT_SUPPORTED_WHEN_COMPILING,
+          action: 'set_resources'
+        )
+    end
+
+    inventory = Puppet.lookup(:bolt_inventory)
+    executor  = Puppet.lookup(:bolt_executor)
+    executor.report_function_call(self.class.name)
+
+    inventory_target = inventory.get_target(target)
+
+    resources.uniq.map do |resource|
+      if resource.is_a?(Hash)
+        # ResourceInstance expects a Target object, so either get a specified target from
+        # the inventory or use the target this function was called on.
+        resource_target = if resource.key?('target')
+                            inventory.get_target(resource['target'])
+                          else
+                            inventory_target
+                          end
+
+        # Observed state from get_resources() is under the 'parameters' key
+        resource_state = resource['state'] || resource['parameters']
+
+        init_hash = {
+          'target'        => resource_target,
+          'type'          => resource['type'],
+          'title'         => resource['title'],
+          'state'         => resource_state,
+          'desired_state' => resource['desired_state'],
+          'events'        => resource['events']
+        }
+
+        # Calling Bolt::ResourceInstance.new or Bolt::ResourceInstance.from_asserted_hash
+        # will not perform any validation on the parameters. Instead, we need to use the
+        # Puppet constructor to initialize the object, which will first validate the parameters
+        # and then call Bolt::ResourceInstance.from_asserted_hash internally. To do this we
+        # first need to get the Puppet datatype and then call the new function on that type.
+        type = Puppet::Pops::Types::TypeParser.singleton.parse('ResourceInstance')
+        resource = call_function('new', type, init_hash)
+      end
+
+      unless resource.target == inventory_target
+        file, line = Puppet::Pops::PuppetStack.top_of_stack
+        raise Bolt::ValidationError, "Cannot set resource #{resource.reference} for target "\
+                                     "#{resource.target} on target #{inventory_target}. "\
+                                     "#{Puppet::Util::Errors.error_location(file, line)}"
+      end
+
+      inventory_target.set_resource(resource)
+    end
+  end
+
+  def set_resource(target, resource)
+    set_resources(target, [resource])
+  end
+end

data/bolt-modules/boltlib/types/planresult.pp

@@ -11,5 +11,6 @@ type Boltlib::PlanResult = Variant[Boolean,
                                    ApplyResult,
                                    ResultSet,
                                    Target,
+                                   ResourceInstance,
                                    Array[Boltlib::PlanResult],
                                    Hash[String, Boltlib::PlanResult]]

data/bolt-modules/file/lib/puppet/functions/file/exists.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Check if a file exists.
+# Check if a local file exists using Puppet's
+# `Puppet::Parser::Files.find_file()` function. This will only check files that
+# are on the machine Bolt is run on.
 Puppet::Functions.create_function(:'file::exists', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return Whether the file exists.

data/bolt-modules/file/lib/puppet/functions/file/join.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Join file paths.
+# Join file paths using ruby's `File.join()` function.
 Puppet::Functions.create_function(:'file::join') do
   # @param paths The paths to join.
   # @return The joined file path.

data/bolt-modules/file/lib/puppet/functions/file/read.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-# Read a file and return its contents.
+# Read a file on localhost and return its contents using ruby's `File.read`. This will
+# only read files on the machine you run Bolt on.
 Puppet::Functions.create_function(:'file::read', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return The file's contents.

data/bolt-modules/file/lib/puppet/functions/file/readable.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Check if a file is readable.
+# Check if a local file is readable using Puppet's
+# `Puppet::Parser::Files.find_file()` function. This will only check files on the
+# machine you run Bolt on.
 Puppet::Functions.create_function(:'file::readable', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return Whether the file is readable.

data/bolt-modules/file/lib/puppet/functions/file/write.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Write a string to a file.
+# Write a string to a file on localhost using ruby's `File.write`. This will
+# only write files to the machine you run Bolt on. Use `write_file()` to write
+# to remote targets.
 Puppet::Functions.create_function(:'file::write') do
   # @param filename Absolute path.
   # @param content File content to write.

data/lib/bolt/applicator.rb

@@ -181,7 +181,7 @@ module Bolt
                                                                        rich_data: true,
                                                                        symbol_as_string: true,
                                                                        type_by_reference: true,
-                                                                       local_reference: false)
+                                                                       local_reference: true)
 
       scope = {
         code_ast: ast,

data/lib/bolt/apply_target.rb

@@ -3,7 +3,7 @@
 module Bolt
   class ApplyTarget
     ATTRIBUTES = %i[uri name target_alias config vars facts features
-                    plugin_hooks safe_name].freeze
+                    plugin_hooks resources safe_name].freeze
     COMPUTED = %i[host password port protocol user].freeze
 
     attr_reader(*ATTRIBUTES)
@@ -24,7 +24,8 @@ module Bolt
                                 facts = nil,
                                 vars = nil,
                                 features = nil,
-                                plugin_hooks = nil)
+                                plugin_hooks = nil,
+                                resources = nil)
       raise Bolt::Error.new("Target objects cannot be instantiated inside apply blocks", 'bolt/apply-error')
     end
     # rubocop:enable Lint/UnusedMethodArgument

data/lib/bolt/bolt_option_parser.rb

@@ -11,7 +11,7 @@ module Bolt
                 escalation: %w[run-as sudo-password sudo-password-prompt sudo-executable],
                 run_context: %w[concurrency inventoryfile save-rerun cleanup],
                 global_config_setters: %w[modulepath boltdir configfile],
-                transports: %w[transport connect-timeout tty],
+                transports: %w[transport connect-timeout tty ssh-command copy-command],
                 display: %w[format color verbose trace],
                 global: %w[help version debug] }.freeze
 
@@ -594,6 +594,7 @@ module Bolt
     HELP
 
     attr_reader :warnings
+
     def initialize(options)
       super()
 
@@ -655,8 +656,8 @@ module Bolt
         @options[:password] = STDIN.noecho(&:gets).chomp
         STDERR.puts
       end
-      define('--private-key KEY', 'Private ssh key to authenticate with') do |key|
-        @options[:'private-key'] = key
+      define('--private-key KEY', 'Path to private ssh key to authenticate with') do |key|
+        @options[:'private-key'] = File.expand_path(key)
       end
       define('--[no-]host-key-check', 'Check host keys with SSH') do |host_key_check|
         @options[:'host-key-check'] = host_key_check
@@ -718,7 +719,7 @@ module Bolt
       end
       define('--hiera-config FILEPATH',
              'Specify where to load Hiera config from (default: ~/.puppetlabs/bolt/hiera.yaml)') do |path|
-        @options[:'hiera-config'] = path
+        @options[:'hiera-config'] = File.expand_path(path)
       end
       define('-i', '--inventoryfile FILEPATH',
              'Specify where to load inventory from (default: ~/.puppetlabs/bolt/inventory.yaml)') do |path|
@@ -741,6 +742,14 @@ module Bolt
              "Specify a default transport: #{TRANSPORTS.keys.join(', ')}") do |t|
         @options[:transport] = t
       end
+      define('--ssh-command EXEC', "Executable to use instead of the net-ssh ruby library. ",
+             "This option is experimental.") do |exec|
+        @options[:'ssh-command'] = exec
+      end
+      define('--copy-command EXEC', "Command to copy files to remote hosts if using external SSH. ",
+             "This option is experimental.") do |exec|
+        @options[:'copy-command'] = exec
+      end
       define('--connect-timeout TIMEOUT', Integer, 'Connection timeout (defaults vary)') do |timeout|
         @options[:'connect-timeout'] = timeout
       end

data/lib/bolt/cli.rb

@@ -124,8 +124,9 @@ module Bolt
 
       Bolt::Logger.configure(config.log, config.color)
 
-      # Logger must be configured before checking path case, otherwise warnings will not display
+      # Logger must be configured before checking path case and project file, otherwise warnings will not display
       @config.check_path_case('modulepath', @config.modulepath)
+      @config.project.check_deprecated_file
 
       # Log the file paths for loaded config files
       config_loaded
@@ -257,13 +258,11 @@ module Bolt
     end
 
     def puppetdb_client
-      return @puppetdb_client if @puppetdb_client
-      puppetdb_config = Bolt::PuppetDB::Config.load_config(nil, config.puppetdb, config.project.path)
-      @puppetdb_client = Bolt::PuppetDB::Client.new(puppetdb_config)
+      plugins.puppetdb_client
     end
 
     def plugins
-      @plugins ||= Bolt::Plugin.setup(config, pal, puppetdb_client, analytics)
+      @plugins ||= Bolt::Plugin.setup(config, pal, analytics)
     end
 
     def query_puppetdb_nodes(query)

data/lib/bolt/config.rb

@@ -312,10 +312,10 @@ module Bolt
         @warnings << { option: 'future', msg: msg }
       end
 
-      keys = OPTIONS.keys - %w[plugins plugin_hooks]
+      keys = OPTIONS.keys - %w[plugins plugin_hooks puppetdb]
       keys.each do |key|
         next unless Bolt::Util.references?(@data[key])
-        valid_keys = TRANSPORT_CONFIG.keys + %w[plugins plugin_hooks]
+        valid_keys = TRANSPORT_CONFIG.keys + %w[plugins plugin_hooks puppetdb]
         raise Bolt::ValidationError,
               "Found unsupported key _plugin in config setting #{key}. Plugins are only available in "\
               "#{valid_keys.join(', ')}."

data/lib/bolt/config/transport/ssh.rb

@@ -13,14 +13,20 @@ module Bolt
         #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "cleanup"            => { type: TrueClass,
+                                    external: true,
                                     desc: "Whether to clean up temporary files created on targets." },
           "connect-timeout"    => { type: Integer,
                                     desc: "How long to wait when establishing connections." },
+          "copy-command"       => { external: true,
+                                    desc: "Command to use when copying files using ssh-command. "\
+                                          "Bolt runs `<copy-command> <src> <dest>`. **This option is experimental.**" },
           "disconnect-timeout" => { type: Integer,
                                     desc: "How long to wait before force-closing a connection." },
           "host"               => { type: String,
+                                    external: true,
                                     desc: "Host name." },
           "host-key-check"     => { type: TrueClass,
+                                    external: true,
                                     desc: "Whether to perform host key validation when connecting." },
           "extensions"         => { type: Array,
                                     desc: "List of file extensions that are accepted for scripts or tasks on Windows. "\
@@ -29,6 +35,7 @@ module Bolt
                                          "a `.py` script runs with `python.exe`. The extensions `.ps1`, `.rb`, and "\
                                          "`.pp` are always allowed and run via hard-coded executables." },
           "interpreters"       => { type: Hash,
+                                    external: true,
                                     desc: "A map of an extension name to the absolute path of an executable, "\
                                           "enabling you to override the shebang defined in a task executable. The "\
                                           "extension can optionally be specified with the `.` character (`.py` and "\
@@ -44,26 +51,36 @@ module Bolt
           "password"           => { type: String,
                                     desc: "Login password." },
           "port"               => { type: Integer,
+                                    external: true,
                                     desc: "Connection port." },
-          "private-key"        => { desc: "Either the path to the private key file to use for authentication, or a "\
+          "private-key"        => { external: true,
+                                    desc: "Either the path to the private key file to use for authentication, or a "\
                                           "hash with the key `key-data` and the contents of the private key." },
           "proxyjump"          => { type: String,
                                     desc: "A jump host to proxy connections through, and an optional user to "\
                                           "connect with." },
           "run-as"             => { type: String,
+                                    external: true,
                                     desc: "A different user to run commands as after login." },
           "run-as-command"     => { type: Array,
+                                    external: true,
                                     desc: "The command to elevate permissions. Bolt appends the user and command "\
                                           "strings to the configured `run-as-command` before running it on the "\
                                           "target. This command must not require an interactive password prompt, "\
                                           "and the `sudo-password` option is ignored when `run-as-command` is "\
                                           "specified. The `run-as-command` must be specified as an array." },
           "script-dir"         => { type: String,
+                                    external: true,
                                     desc: "The subdirectory of the tmpdir to use in place of a randomized "\
                                           "subdirectory for uploading and executing temporary files on the "\
                                           "target. It's expected that this directory already exists as a subdir "\
                                           "of tmpdir, which is either configured or defaults to `/tmp`." },
+          "ssh-command"        => { external: true,
+                                    desc: "Command and flags to use when SSHing. This enables the external "\
+                                          "SSH transport which shells out to the specified command. "\
+                                          "**This option is experimental.**" },
           "sudo-executable"    => { type: String,
+                                    external: true,
                                     desc: "The executable to use when escalating to the configured `run-as` "\
                                           "user. This is useful when you want to escalate using the configured "\
                                           "`sudo-password`, since `run-as-command` does not use `sudo-password` "\
@@ -71,14 +88,17 @@ module Bolt
                                           "`<sudo-executable> -S -u <user> -p custom_bolt_prompt <command>`. "\
                                           "**This option is experimental.**" },
           "sudo-password"      => { type: String,
+                                    external: true,
                                     desc: "Password to use when changing users via `run-as`." },
           "tmpdir"             => { type: String,
+                                    external: true,
                                     desc: "The directory to upload and execute temporary files on the target." },
           "tty"                => { type: TrueClass,
                                     desc: "Request a pseudo tty for the session. This option is generally "\
                                           "only used in conjunction with the `run-as` option when the sudoers "\
                                           "policy requires a `tty`." },
           "user"               => { type: String,
+                                    external: true,
                                     desc: "Login user." }
         }.freeze
 
@@ -103,6 +123,13 @@ module Bolt
 
             if key_opt.instance_of?(String)
               @config['private-key'] = File.expand_path(key_opt, @project)
+
+              # We have an explicit test for this to only warn if using net-ssh transport
+              Bolt::Util.validate_file('ssh key', @config['private-key']) if @config['ssh-command']
+            end
+
+            if key_opt.instance_of?(Hash) && @config['ssh-command']
+              raise Bolt::ValidationError, 'private-key must be a filepath when using ssh-command'
             end
           end
 
@@ -130,6 +157,25 @@ module Bolt
               end
             end
           end
+
+          if @config['ssh-command'] && !@config['load-config']
+            msg = 'Cannot use external SSH transport with load-config set to false'
+            raise Bolt::ValidationError, msg
+          end
+
+          if (ssh_cmd = @config['ssh-command'])
+            unless ssh_cmd.is_a?(String) || ssh_cmd.is_a?(Array)
+              raise Bolt::ValidationError,
+                    "ssh-command must be a String or Array, received #{ssh_cmd.class} #{ssh_cmd.inspect}"
+            end
+          end
+
+          if (copy_cmd = @config['copy-command'])
+            unless copy_cmd.is_a?(String) || copy_cmd.is_a?(Array)
+              raise Bolt::ValidationError,
+                    "copy-command must be a String or Array, received #{copy_cmd.class} #{copy_cmd.inspect}"
+            end
+          end
         end
       end
     end

data/lib/bolt/inventory.rb

@@ -15,6 +15,7 @@ module Bolt
 
     class ValidationError < Bolt::Error
       attr_accessor :path
+
       def initialize(message, offending_group)
         super(message, 'bolt.inventory/validation-error')
         @_message = message
@@ -83,7 +84,7 @@ module Bolt
 
     def self.empty
       config  = Bolt::Config.default
-      plugins = Bolt::Plugin.setup(config, nil, nil, Bolt::Analytics::NoopClient)
+      plugins = Bolt::Plugin.setup(config, nil)
 
       create_version({}, config.transport, config.transports, plugins)
     end

data/lib/bolt/inventory/inventory.rb

@@ -7,6 +7,7 @@ module Bolt
   class Inventory
     class Inventory
       attr_reader :targets, :plugins, :config, :transport
+
       class WildcardError < Bolt::Error
         def initialize(target)
           super("Found 0 targets matching wildcard pattern #{target}", 'bolt.inventory/wildcard-error')
@@ -318,6 +319,10 @@ module Bolt
       def target_config(target)
         @targets[target.name].config
       end
+
+      def resources(target)
+        @targets[target.name].resources
+      end
     end
   end
 end

data/lib/bolt/inventory/target.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require 'bolt/resource_instance'
+
 module Bolt
   class Inventory
     # This class represents the active state of a target within the inventory.
     class Target
-      attr_reader :name, :uri, :safe_name, :target_alias
+      attr_reader :name, :uri, :safe_name, :target_alias, :resources
 
       def initialize(target_data, inventory)
         unless target_data['name'] || target_data['uri']
@@ -36,12 +38,26 @@ module Bolt
         # When alias is specified in a plan, the key will be `target_alias`, when
         # alias is specified in inventory the key will be `alias`.
         @target_alias = target_data['target_alias'] || target_data['alias'] || []
+        @resources = {}
 
         @inventory = inventory
 
         validate
       end
 
+      # rubocop:disable Naming/AccessorMethodName
+      def set_resource(resource)
+        if (existing_resource = resources[resource.reference])
+          existing_resource.overwrite_state(resource.state)
+          existing_resource.overwrite_desired_state(resource.desired_state)
+          existing_resource.events = existing_resource.events + resource.events
+          existing_resource
+        else
+          @resources[resource.reference] = resource
+        end
+      end
+      # rubocop:enable Naming/AccessorMethodName
+
       def vars
         group_cache['vars'].merge(@vars)
       end

data/lib/bolt/node/output.rb

@@ -12,7 +12,7 @@ module Bolt
       def initialize
         @stdout = StringIO.new
         @stderr = StringIO.new
-        @exit_code = 'unkown'
+        @exit_code = 'unknown'
       end
     end
   end

data/lib/bolt/pal/yaml_plan.rb

@@ -99,6 +99,7 @@ module Bolt
       # logic.
       class EvaluableString
         attr_reader :value
+
         def initialize(value)
           @value = value
         end

data/lib/bolt/plugin.rb

@@ -119,13 +119,9 @@ module Bolt
       end
     end
 
-    def self.setup(config, pal, pdb_client, analytics)
+    def self.setup(config, pal, analytics = Bolt::Analytics::NoopClient.new)
       plugins = new(config, pal, analytics)
 
-      # PDB is special because it needs the PDB client. Since it has no config,
-      # we can just add it first.
-      plugins.add_plugin(Bolt::Plugin::Puppetdb.new(pdb_client))
-
       # Initialize any plugins referenced in plugin config. This will also indirectly
       # initialize any plugins they depend on.
       if plugins.reference?(config.plugins)
@@ -142,7 +138,7 @@ module Bolt
       plugins
     end
 
-    RUBY_PLUGINS = %w[task prompt env_var].freeze
+    RUBY_PLUGINS = %w[task prompt env_var puppetdb].freeze
     BUILTIN_PLUGINS = %w[task terraform pkcs7 prompt vault aws_inventory puppetdb azure_inventory
                          yaml env_var gcloud_inventory].freeze
     DEFAULT_PLUGIN_HOOKS = { 'puppet_library' => { 'plugin' => 'puppet_agent', 'stop_service' => true } }.freeze
@@ -161,6 +157,13 @@ module Bolt
       @unknown = Set.new
       @resolution_stack = []
       @unresolved_plugin_configs = config.plugins.dup
+      # The puppetdb plugin config comes from the puppetdb section, not from
+      # the plugins section
+      if @unresolved_plugin_configs.key?('puppetdb')
+        msg = "Configuration for the PuppetDB plugin must be in the 'puppetdb' config section, not 'plugins'"
+        raise Bolt::Error.new(msg, 'bolt/plugin-error')
+      end
+      @unresolved_plugin_configs['puppetdb'] = config.puppetdb if config.puppetdb
       @plugin_hooks = DEFAULT_PLUGIN_HOOKS.dup
     end
 
@@ -168,7 +171,6 @@ module Bolt
       @modules ||= Bolt::Module.discover(@pal.modulepath)
     end
 
-    # Generally this is private. Puppetdb is special though
     def add_plugin(plugin)
       @plugins[plugin.name] = plugin
     end
@@ -235,6 +237,10 @@ module Bolt
       end
     end
 
+    def puppetdb_client
+      by_name('puppetdb').puppetdb_client
+    end
+
     # Evaluate all _plugin references in a data structure. Leaves are
     # evaluated and then their parents are evaluated with references replaced
     # by their values. If the result of a reference contains more references,

data/lib/bolt/plugin/puppetdb.rb

@@ -14,8 +14,11 @@ module Bolt
       TEMPLATE_OPTS = %w[alias config facts features name uri vars].freeze
       PLUGIN_OPTS = %w[_plugin query target_mapping].freeze
 
-      def initialize(pdb_client)
-        @puppetdb_client = pdb_client
+      attr_reader :puppetdb_client
+
+      def initialize(config:, context:)
+        pdb_config = Bolt::PuppetDB::Config.load_config(config, context.boltdir)
+        @puppetdb_client = Bolt::PuppetDB::Client.new(pdb_config)
         @logger = Logging.logger[self]
       end
 

data/lib/bolt/project.rb

@@ -27,7 +27,7 @@ module Bolt
       dir = Pathname.new(dir)
       if (dir + BOLTDIR_NAME).directory?
         new(dir + BOLTDIR_NAME, 'embedded')
-      elsif (dir + 'bolt.yaml').file?
+      elsif (dir + 'bolt.yaml').file? || (dir + 'bolt-project.yaml').file?
         new(dir, 'local')
       elsif dir.root?
         default_project
@@ -47,7 +47,7 @@ module Bolt
       @resource_types = @path + '.resource_types'
       @type = type
 
-      @project_file = @path + 'project.yaml'
+      @project_file = @path + 'bolt-project.yaml'
       @data = Bolt::Util.read_optional_yaml_hash(File.expand_path(@project_file), 'project') || {}
       validate if load_as_module?
     end
@@ -72,7 +72,7 @@ module Bolt
     end
 
     def name
-      # If the project is in mymod/Boltdir/project.yaml, use mymod as the project name
+      # If the project is in mymod/Boltdir/bolt-project.yaml, use mymod as the project name
       dirname = @path.basename.to_s == 'Boltdir' ? @path.parent.basename.to_s : @path.basename.to_s
       pname = @data['name'] || dirname
       pname.include?('-') ? pname.split('-', 2)[1] : pname
@@ -100,7 +100,7 @@ module Bolt
       n = @data['name']
       if n && !project_directory_name?(n) && !project_namespaced_name?(n)
         raise Bolt::ValidationError, <<~ERROR_STRING
-        Invalid project name '#{n}' in project.yaml; project names must match either:
+        Invalid project name '#{n}' in bolt-project.yaml; project names must match either:
         An installed project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
         A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
         ERROR_STRING
@@ -110,7 +110,7 @@ module Bolt
         A project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
         A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
 
-        Configure project name in <project_dir>/project.yaml
+        Configure project name in <project_dir>/bolt-project.yaml
         ERROR_STRING
       # If the project name is the same as one of the built-in modules raise a warning
       elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
@@ -120,9 +120,16 @@ module Bolt
 
       %w[tasks plans].each do |conf|
         unless @data.fetch(conf, []).is_a?(Array)
-          raise Bolt::ValidationError, "'#{conf}' in project.yaml must be an array"
+          raise Bolt::ValidationError, "'#{conf}' in bolt-project.yaml must be an array"
         end
       end
     end
+
+    def check_deprecated_file
+      if (@path + 'project.yaml').file?
+        logger = Logging.logger[self]
+        logger.warn "Project configuration file 'project.yaml' is deprecated; use 'bolt-project.yaml' instead."
+      end
+    end
   end
 end

data/lib/bolt/puppetdb/config.rb

@@ -22,27 +22,20 @@ module Bolt
         File.expand_path(File.join(Dir::COMMON_APPDATA, 'PuppetLabs/client-tools/puppetdb.conf'))
       end
 
-      def self.load_config(filename, options, project_path = nil)
+      def self.load_config(options, project_path = nil)
         config = {}
         global_path = Bolt::Util.windows? ? default_windows_config : DEFAULT_CONFIG[:global]
-        if filename
-          if File.exist?(filename)
-            config = JSON.parse(File.read(filename))
-          else
-            raise Bolt::PuppetDBError, "config file #{filename} does not exist"
-          end
-        else
-          if File.exist?(DEFAULT_CONFIG[:user])
-            filepath = DEFAULT_CONFIG[:user]
-          elsif File.exist?(global_path)
-            filepath = global_path
-          end
 
-          begin
-            config = JSON.parse(File.read(filepath)) if filepath
-          rescue StandardError => e
-            Logging.logger[self].error("Could not load puppetdb.conf from #{filepath}: #{e.message}")
-          end
+        if File.exist?(DEFAULT_CONFIG[:user])
+          filepath = DEFAULT_CONFIG[:user]
+        elsif File.exist?(global_path)
+          filepath = global_path
+        end
+
+        begin
+          config = JSON.parse(File.read(filepath)) if filepath
+        rescue StandardError => e
+          Logging.logger[self].error("Could not load puppetdb.conf from #{filepath}: #{e.message}")
         end
 
         config = config.fetch('puppetdb', {})
@@ -51,8 +44,7 @@ module Bolt
 
       def initialize(settings, project_path = nil)
         @settings = settings
-        @project_path = project_path
-        expand_paths
+        expand_paths(project_path)
       end
 
       def token
@@ -68,14 +60,10 @@ module Bolt
         @token = @token.strip if @token
       end
 
-      def expand_paths
+      def expand_paths(project_path)
         %w[cacert cert key token].each do |file|
           next unless @settings[file]
-          @settings[file] = if @project_path
-                              File.expand_path(@settings[file], @project_path)
-                            else
-                              File.expand_path(@settings[file])
-                            end
+          @settings[file] = File.expand_path(@settings[file], project_path)
         end
       end
 

data/lib/bolt/resource_instance.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Bolt
+  class ResourceInstance
+    attr_reader :target, :type, :title, :state, :desired_state
+    attr_accessor :events
+
+    # Needed by Puppet to recognize Bolt::ResourceInstance as a Puppet object when deserializing
+    def self._pcore_type
+      ResourceInstance
+    end
+
+    # Needed by Puppet to serialize with _pcore_init_hash instead of the object's attributes
+    def self._pcore_init_from_hash(_init_hash)
+      raise "ResourceInstance shouldn't be instantiated from a pcore_init class method. "\
+            "How did this get called?"
+    end
+
+    def _pcore_init_from_hash(init_hash)
+      initialize(init_hash)
+    end
+
+    # Parameters will already be validated when calling ResourceInstance.new or
+    # set_resources() from a plan. We don't perform any validation in the class
+    # itself since Puppet will pass an empty hash to the initializer as part of
+    # the deserialization process before passing the _pcore_init_hash.
+    def initialize(resource_hash)
+      @target        = resource_hash['target']
+      @type          = resource_hash['type'].to_s.capitalize
+      @title         = resource_hash['title']
+      # get_resources() returns observed state under the 'parameters' key
+      @state         = resource_hash['state'] || resource_hash['parameters'] || {}
+      @desired_state = resource_hash['desired_state'] || {}
+      @events        = resource_hash['events'] || []
+    end
+
+    # Creates a ResourceInstance from a data hash in a plan when calling
+    # ResourceInstance.new($resource_hash) or $target.set_resources($resource_hash)
+    def self.from_asserted_hash(resource_hash)
+      new(resource_hash)
+    end
+
+    # Creates a ResourceInstance from positional arguments in a plan when
+    # calling ResourceInstance.new(target, type, title, ...)
+    def self.from_asserted_args(target,
+                                type,
+                                title,
+                                state         = nil,
+                                desired_state = nil,
+                                events        = nil)
+      new(
+        'target'        => target,
+        'type'          => type,
+        'title'         => title,
+        'state'         => state,
+        'desired_state' => desired_state,
+        'events'        => events
+      )
+    end
+
+    def eql?(other)
+      self.class.equal?(other.class) &&
+        target == other.target &&
+        type   == other.type &&
+        title  == other.title
+    end
+    alias == eql?
+
+    def to_hash
+      {
+        'target'        => target,
+        'type'          => type,
+        'title'         => title,
+        'state'         => state,
+        'desired_state' => desired_state,
+        'events'        => events
+      }
+    end
+    alias _pcore_init_hash to_hash
+
+    def to_json(opts = nil)
+      to_hash.to_json(opts)
+    end
+
+    def reference
+      "#{type}[#{title}]"
+    end
+    alias to_s reference
+
+    def add_event(event)
+      @events << event
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_state(state)
+      assert_hash('state', state)
+      @state.merge!(state)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
+    def overwrite_state(state)
+      assert_hash('state', state)
+      @state = state
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_desired_state(desired_state)
+      assert_hash('desired_state', desired_state)
+      @desired_state.merge!(desired_state)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
+    def overwrite_desired_state(desired_state)
+      assert_hash('desired_state', desired_state)
+      @desired_state = desired_state
+    end
+
+    def assert_hash(loc, value)
+      unless value.is_a?(Hash)
+        raise Bolt::ValidationError, "#{loc} must be of type Hash; got #{value.class}"
+      end
+    end
+  end
+end

data/lib/bolt/target.rb

@@ -31,7 +31,8 @@ module Bolt
                                 facts = nil,
                                 vars = nil,
                                 features = nil,
-                                plugin_hooks = nil)
+                                plugin_hooks = nil,
+                                resources = nil)
       from_asserted_hash('uri' => uri)
     end
     # rubocop:enable Lint/UnusedMethodArgument
@@ -75,6 +76,16 @@ module Bolt
       inventory_target.target_alias
     end
 
+    def resources
+      inventory_target.resources
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_resource(resource)
+      inventory_target.set_resource(resource)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
     def to_h
       options.to_h.merge(
         'name' => name,

data/lib/bolt/transport/ssh.rb

@@ -16,13 +16,16 @@ module Bolt
         rescue LoadError
           logger.debug("Authentication method 'gssapi-with-mic' (Kerberos) is not available.")
         end
-
         @transport_logger = Logging.logger[Net::SSH]
         @transport_logger.level = :warn
       end
 
       def with_connection(target)
-        conn = Connection.new(target, @transport_logger)
+        conn = if target.transport_config['ssh-command']
+                 ExecConnection.new(target)
+               else
+                 Connection.new(target, @transport_logger)
+               end
         conn.connect
         yield conn
       ensure
@@ -37,3 +40,4 @@ module Bolt
 end
 
 require 'bolt/transport/ssh/connection'
+require 'bolt/transport/ssh/exec_connection'

data/lib/bolt/transport/ssh/exec_connection.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require 'open3'
+
+module Bolt
+  module Transport
+    class SSH < Simple
+      class ExecConnection
+        attr_reader :user, :target
+
+        def initialize(target)
+          raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
+
+          @target = target
+          ssh_config = Net::SSH::Config.for(target.host)
+          @user = @target.user || ssh_config[:user] || Etc.getlogin
+          @logger = Logging.logger[self]
+        end
+
+        # This is used to verify we can connect to targets with `connected?`
+        def connect
+          cmd = build_ssh_command('exit')
+          _, err, stat = Open3.capture3(*cmd)
+          unless stat.success?
+            raise Bolt::Node::ConnectError.new(
+              "Failed to connect to #{@target.safe_name}: #{err}",
+              'CONNECT_ERROR'
+            )
+          end
+        end
+
+        def disconnect; end
+
+        def shell
+          Bolt::Shell::Bash.new(@target, self)
+        end
+
+        def userhost
+          "#{@user}@#{@target.host}"
+        end
+
+        def ssh_opts
+          cmd = []
+          # BatchMode is SSH's noninteractive option: if key authentication
+          # fails it will error out instead of falling back to password prompt
+          cmd += %w[-o BatchMode=yes]
+          cmd += %W[-o Port=#{@target.port}] if @target.port
+
+          if @target.transport_config.key?('host-key-check')
+            hkc = @target.transport_config['host-key-check'] ? 'yes' : 'no'
+            cmd += %W[-o StrictHostKeyChecking=#{hkc}]
+          end
+
+          if (key = target.transport_config['private-key'])
+            cmd += ['-i', key]
+          end
+          cmd
+        end
+
+        def build_ssh_command(command)
+          ssh_conf = @target.transport_config['ssh-command']
+          ssh_cmd = Array(ssh_conf)
+          ssh_cmd += ssh_opts
+          ssh_cmd << userhost
+          ssh_cmd << command
+        end
+
+        def copy_file(source, dest)
+          @logger.debug { "Uploading #{source}, to #{userhost}:#{dest}" } unless source.is_a?(StringIO)
+
+          cp_conf = @target.transport_config['copy-command'] || ["scp", "-r"]
+          cp_cmd = Array(cp_conf)
+          cp_cmd += ssh_opts
+
+          _, err, stat = if source.is_a?(StringIO)
+                           Tempfile.create(File.basename(dest)) do |f|
+                             f.write(source.read)
+                             f.close
+                             cp_cmd << f.path
+                             cp_cmd << "#{userhost}:#{Shellwords.escape(dest)}"
+                             Open3.capture3(*cp_cmd)
+                           end
+                         else
+                           cp_cmd << source
+                           cp_cmd << "#{userhost}:#{Shellwords.escape(dest)}"
+                           Open3.capture3(*cp_cmd)
+                         end
+
+          if stat.success?
+            @logger.debug "Successfully uploaded #{source} to #{dest}"
+          else
+            message = "Could not copy file to #{dest}: #{err}"
+            raise Bolt::Node::FileError.new(message, 'COPY_ERROR')
+          end
+        end
+
+        def execute(command)
+          cmd_array = build_ssh_command(command)
+          Open3.popen3(*cmd_array)
+        end
+
+        # This is used by the Bash shell to decide whether to `cd` before
+        # executing commands as a run-as user
+        def reset_cwd?
+          true
+        end
+      end
+    end
+  end
+end

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '2.9.0'
+  VERSION = '2.10.0'
 end

data/lib/bolt_server/pe/pal.rb

@@ -51,50 +51,13 @@ module BoltServer
         basemodulepath = plan_executor_config['basemodulepath'] || "#{codedir}/modules:/opt/puppetlabs/puppet/modules"
 
         with_pe_pal_init_settings(codedir, environmentpath, basemodulepath) do
-          modulepath_dirs = []
-          modulepath_setting_from_bolt = nil
           environment = Puppet.lookup(:environments).get!(environment_name)
-          path_to_env = environment.configuration.path_to_env
-
-          # In the instance where the environment is "production" but no production dir
-          # exists, the lookup will succeed, but the configuration will be mostly empty.
-          # For other environments the lookup will fail, but for production we don't
-          # want cryptic messages sent to the user about combining `nil` with a string.
-          # Thus if we do get here and `path_to_env` is empty, just assume it's the
-          # default production environment and continue.
-          #
-          # This should hopefully match puppet's behavior for the default 'production'
-          # environment: _technically_ that environment always exists, but if the dir
-          # isn't there it won't find the module and fail with "plan not found" rather
-          # than "environment doesn't exist"
-          if path_to_env
-            bolt_yaml = File.join(environment.configuration.path_to_env, 'bolt.yaml')
-            modulepath_setting_from_bolt = Bolt::Util.read_optional_yaml_hash(bolt_yaml, 'config')['modulepath']
-          end
-
-          # If we loaded a bolt.yaml in the environment root and it contained a modulepath setting:
-          # we will use that modulepath rather than the one loaded through puppet. modulepath will
-          # be the _only_ setting that will work from bolt.yaml in plans in PE.
-          if modulepath_setting_from_bolt
-            modulepath_setting_from_bolt.split(File::PATH_SEPARATOR).each do |path|
-              if Pathname.new(path).absolute? && File.exist?(path)
-                modulepath_dirs << path
-              elsif File.exist?(File.join(path_to_env, path))
-                modulepath_dirs << File.join(path_to_env, path)
-              end
-            end
-
-            # Append the basemodulepath to include "built-in" modules.
-            modulepath_dirs.concat(basemodulepath.split(File::PATH_SEPARATOR))
-          else
-            modulepath_dirs = environment.modulepath
-          end
-
           # A new modulepath is created from scratch (rather than using super's @modulepath)
           # so that we can have full control over all the entries in modulepath. In the future
           # it's likely we will need to preceed _both_ Bolt::PAL::BOLTLIB_PATH _and_
           # Bolt::PAL::MODULES_PATH which would be more complex if we tried to use @modulepath since
           # we need to append our modulepaths and exclude modules shiped in bolt gem code
+          modulepath_dirs = environment.modulepath
           @original_modulepath = modulepath_dirs
           @modulepath = [PE_BOLTLIB_PATH, Bolt::PAL::BOLTLIB_PATH, *modulepath_dirs]
         end

data/lib/bolt_spec/bolt_context.rb

@@ -145,10 +145,7 @@ module BoltSpec
     end
 
     def plugins
-      @plugins ||= Bolt::Plugin.setup(config,
-                                      pal,
-                                      nil,
-                                      Bolt::Analytics::NoopClient.new)
+      @plugins ||= Bolt::Plugin.setup(config, pal)
     end
 
     def pal

data/lib/bolt_spec/plans/mock_executor.rb

@@ -230,6 +230,7 @@ module BoltSpec
       def transport(_protocol)
         Class.new do
           attr_reader :provided_features
+
           def initialize(features)
             @provided_features = features
           end

data/lib/bolt_spec/run.rb

@@ -152,14 +152,11 @@ module BoltSpec
       end
 
       def plugins
-        @plugins ||= Bolt::Plugin.setup(config, pal, puppetdb_client, @analytics)
+        @plugins ||= Bolt::Plugin.setup(config, pal)
       end
 
       def puppetdb_client
-        @puppetdb_client ||= begin
-                               puppetdb_config = Bolt::PuppetDB::Config.load_config(nil, config.puppetdb)
-                               Bolt::PuppetDB::Client.new(puppetdb_config)
-                             end
+        plugins.puppetdb_client
       end
 
       def pal

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.10.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-11 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -390,6 +390,7 @@ extra_rdoc_files: []
 files:
 - Puppetfile
 - bolt-modules/boltlib/lib/puppet/datatypes/applyresult.rb
+- bolt-modules/boltlib/lib/puppet/datatypes/resourceinstance.rb
 - bolt-modules/boltlib/lib/puppet/datatypes/result.rb
 - bolt-modules/boltlib/lib/puppet/datatypes/resultset.rb
 - bolt-modules/boltlib/lib/puppet/datatypes/target.rb
@@ -413,6 +414,7 @@ files:
 - bolt-modules/boltlib/lib/puppet/functions/run_task_with.rb
 - bolt-modules/boltlib/lib/puppet/functions/set_config.rb
 - bolt-modules/boltlib/lib/puppet/functions/set_feature.rb
+- bolt-modules/boltlib/lib/puppet/functions/set_resources.rb
 - bolt-modules/boltlib/lib/puppet/functions/set_var.rb
 - bolt-modules/boltlib/lib/puppet/functions/upload_file.rb
 - bolt-modules/boltlib/lib/puppet/functions/vars.rb
@@ -493,6 +495,7 @@ files:
 - lib/bolt/puppetdb/config.rb
 - lib/bolt/r10k_log_proxy.rb
 - lib/bolt/rerun.rb
+- lib/bolt/resource_instance.rb
 - lib/bolt/result.rb
 - lib/bolt/result_set.rb
 - lib/bolt/secret.rb
@@ -516,6 +519,7 @@ files:
 - lib/bolt/transport/simple.rb
 - lib/bolt/transport/ssh.rb
 - lib/bolt/transport/ssh/connection.rb
+- lib/bolt/transport/ssh/exec_connection.rb
 - lib/bolt/transport/winrm.rb
 - lib/bolt/transport/winrm/connection.rb
 - lib/bolt/util.rb