bolt 3.0.0 → 3.5.0

data/lib/bolt/pal/yaml_plan/step/upload.rb

@@ -5,31 +5,30 @@ module Bolt
     class YamlPlan
       class Step
         class Upload < Step
-          def self.allowed_keys
-            super + Set['destination', 'upload']
+          def self.option_keys
+            Set['catch_errors', 'run_as']
           end
 
           def self.required_keys
-            Set['upload', 'destination', 'targets']
+            Set['destination', 'targets', 'upload']
           end
 
-          def initialize(step_body)
-            super
-            @source = step_body['upload']
-            @destination = step_body['destination']
-          end
-
-          def transpile
-            code = String.new("  ")
-            code << "$#{@name} = " if @name
+          # Returns an array of arguments to pass to the step's function call
+          #
+          private def format_args(body)
+            opts = format_options(body)
 
-            fn = 'upload_file'
-            args = [@source, @destination, @targets]
-            args << @description if @description
+            args = [body['upload'], body['destination'], body['targets']]
+            args << body['description'] if body['description']
+            args << opts if opts.any?
 
-            code << function_call(fn, args)
+            args
+          end
 
-            code << "\n"
+          # Returns the function corresponding to the step
+          #
+          private def function
+            'upload_file'
           end
         end
       end

data/lib/bolt/pal/yaml_plan/transpiler.rb

@@ -14,8 +14,8 @@ module Bolt
           end
         end
 
-        def transpile(relative_path)
-          @plan_path = File.expand_path(relative_path)
+        def transpile(plan_path)
+          @plan_path = plan_path
           @modulename = Bolt::Util.module_name(@plan_path)
           @filename = @plan_path.split(File::SEPARATOR)[-1]
           validate_path
@@ -29,7 +29,7 @@ module Bolt
 
           plan_string = String.new('')
           plan_string << "# #{plan_object.description}\n" if plan_object.description
-          plan_string << "# WARNING: This is an autogenerated plan. It may not behave as expected.\n"
+          plan_string << "# WARNING: This is an autogenerated plan. It might not behave as expected.\n"
           plan_string << "# @private #{plan_object.private}\n" unless plan_object.private.nil?
           plan_string << "#{param_descriptions}\n" unless param_descriptions.empty?
 

data/lib/bolt/plan_creator.rb

@@ -22,7 +22,7 @@ module Bolt
           Invalid plan name '#{plan_name}'. Plan names are composed of one or more name segments
           separated by double colons '::'.
 
-          Each name segment must begin with a lowercase letter, and may only include lowercase
+          Each name segment must begin with a lowercase letter, and can only include lowercase
           letters, digits, and underscores.
 
           Examples of valid plan names:

data/lib/bolt/project_manager.rb

@@ -143,7 +143,7 @@ module Bolt
       @outputter.print_message("Migrating project #{@config.project.path}\n\n")
 
       @outputter.print_action_step(
-        "Migrating a Bolt project may make irreversible changes to the project's "\
+        "Migrating a Bolt project might make irreversible changes to the project's "\
         "configuration and inventory files. Before continuing, make sure the "\
         "project has a backup or uses a version control system."
       )

data/lib/bolt/project_manager/module_migrator.rb

@@ -66,7 +66,7 @@ module Bolt
         # Attempt to resolve dependencies
         begin
           @outputter.print_message('')
-          @outputter.print_action_step("Resolving module dependencies, this may take a moment")
+          @outputter.print_action_step("Resolving module dependencies, this might take a moment")
           puppetfile = Bolt::ModuleInstaller::Resolver.new.resolve(specs)
         rescue Bolt::Error => e
           @outputter.print_action_error("#{e.message}\nSkipping module migration.")

data/lib/bolt/result.rb

@@ -28,20 +28,14 @@ module Bolt
       %w[file line].zip(position).to_h.compact
     end
 
-    def self.for_command(target, stdout, stderr, exit_code, action, command, position)
-      value = {
-        'stdout' => stdout,
-        'stderr' => stderr,
-        'exit_code' => exit_code
-      }
-
+    def self.for_command(target, value, action, command, position)
       details = create_details(position)
-      unless exit_code == 0
-        details['exit_code'] = exit_code
+      unless value['exit_code'] == 0
+        details['exit_code'] = value['exit_code']
         value['_error'] = {
           'kind' => 'puppetlabs.tasks/command-error',
           'issue_code' => 'COMMAND_ERROR',
-          'msg' => "The command failed with exit code #{exit_code}",
+          'msg' => "The command failed with exit code #{value['exit_code']}",
           'details' => details
         }
       end
@@ -170,15 +164,12 @@ module Bolt
         target == other.target &&
         value == other.value
     end
+    alias == eql?
 
     def [](key)
       value[key]
     end
 
-    def ==(other)
-      eql?(other)
-    end
-
     def to_json(opts = nil)
       to_data.to_json(opts)
     end
@@ -203,12 +194,17 @@ module Bolt
     end
 
     def to_data
+      serialized_value = safe_value
+      if serialized_value.key?('_sensitive') &&
+         serialized_value['_sensitive'].is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+        serialized_value['_sensitive'] = serialized_value['_sensitive'].to_s
+      end
       {
         "target" => @target.name,
         "action" => action,
         "object" => object,
         "status" => status,
-        "value" => safe_value
+        "value" => serialized_value
       }
     end
 

data/lib/bolt/shell.rb

@@ -8,6 +8,22 @@ module Bolt
       @target = target
       @conn = conn
       @logger = Bolt::Logger.logger(@target.safe_name)
+
+      if Bolt::Logger.stream
+        Bolt::Logger.warn_once("stream_experimental",
+                               "The 'stream' option is experimental, and might "\
+                               "include breaking changes between minor versions.")
+        @stream_logger = Bolt::Logger.logger(:stream)
+        # Don't send stream messages to the parent logger
+        @stream_logger.additive = false
+
+        # Log stream messages without any other data or color
+        pattern = Logging.layouts.pattern(pattern: '%m\n')
+        @stream_logger.appenders = Logging.appenders.stdout(
+          'console',
+          layout: pattern
+        )
+      end
     end
 
     def run_command(*_args)

data/lib/bolt/shell/bash.rb

@@ -12,7 +12,6 @@ module Bolt
         super
 
         @run_as = nil
-
         @sudo_id = SecureRandom.uuid
         @sudo_password = @target.options['sudo-password'] || @target.password
       end
@@ -25,9 +24,7 @@ module Bolt
         running_as(options[:run_as]) do
           output = execute(command, environment: options[:env_vars], sudoable: true)
           Bolt::Result.for_command(target,
-                                   output.stdout.string,
-                                   output.stderr.string,
-                                   output.exit_code,
+                                   output.to_h,
                                    'command',
                                    command,
                                    position)
@@ -54,19 +51,35 @@ module Bolt
 
       def download(source, destination, options = {})
         running_as(options[:run_as]) do
-          # Target OS may be either Unix or Windows. Without knowing the target OS before-hand
-          # we can't assume whether the path separator is '/' or '\'. Assume we're connecting
-          # to a target with Unix and then check if the path exists after downloading.
           download = File.join(destination, Bolt::Util.unix_basename(source))
 
-          conn.download_file(source, destination, download)
+          # If using run-as, the file is copied to a tmpdir and chowned to the
+          # connecting user. This is a workaround for limitations in net-ssh that
+          # only allow for downloading files as the connecting user, which is a
+          # problem for users who cannot connect to targets as the root user.
+          # This temporary copy should *always* be deleted.
+          if run_as
+            with_tmpdir(force_cleanup: true) do |dir|
+              tmpfile = File.join(dir.to_s, Bolt::Util.unix_basename(source))
+
+              result = execute(['cp', '-r', source, dir.to_s], sudoable: true)
+
+              if result.exit_code != 0
+                message = "Could not copy file '#{source}' to temporary directory '#{dir}': #{result.stderr.string}"
+                raise Bolt::Node::FileError.new(message, 'CP_ERROR')
+              end
 
-          # If the download path doesn't exist, then the file was likely downloaded from Windows
-          # using a source path with backslashes (e.g. 'C:\Users\Administrator\foo'). The file
-          # should be saved to the expected location, so update the download path assuming a
-          # Windows basename so the result shows the correct local path.
-          unless File.exist?(download)
-            download = File.join(destination, Bolt::Util.windows_basename(source))
+              # We need to force the chown, otherwise this will just return
+              # without doing anything since the chown user is the same as the
+              # connecting user.
+              dir.chown(conn.user, force: true)
+
+              conn.download_file(tmpfile, destination, download)
+            end
+          # If not using run-as, we can skip creating a temporary copy and just
+          # download the file directly.
+          else
+            conn.download_file(source, destination, download)
           end
 
           Bolt::Result.for_download(target, source, destination, download)
@@ -83,9 +96,7 @@ module Bolt
             dir.chown(run_as)
             output = execute([path, *arguments], environment: options[:env_vars], sudoable: true)
             Bolt::Result.for_command(target,
-                                     output.stdout.string,
-                                     output.stderr.string,
-                                     output.exit_code,
+                                     output.to_h,
                                      'script',
                                      script,
                                      position)
@@ -134,18 +145,21 @@ module Bolt
 
             remote_task_path = write_executable(task_dir, executable)
 
+            execute_options[:stdin] = stdin
+
             # Avoid the horrors of passing data on stdin via a tty on multiple platforms
             # by writing a wrapper script that directs stdin to the task.
             if stdin && target.options['tty']
               wrapper = make_wrapper_stringio(remote_task_path, stdin, execute_options[:interpreter])
+              # Wrapper script handles interpreter and stdin. Delete these execute options
               execute_options.delete(:interpreter)
+              execute_options.delete(:stdin)
               execute_options[:wrapper] = true
               remote_task_path = write_executable(dir, wrapper, 'wrapper.sh')
             end
 
             dir.chown(run_as)
 
-            execute_options[:stdin] = stdin
             execute_options[:sudoable] = true if run_as
             output = execute(remote_task_path, **execute_options)
           end
@@ -291,12 +305,12 @@ module Bolt
 
       # A helper to create and delete a tmpdir on the remote system. Yields the
       # directory name.
-      def with_tmpdir
+      def with_tmpdir(force_cleanup: false)
         dir = make_tmpdir
         yield dir
       ensure
         if dir
-          if target.options['cleanup']
+          if target.options['cleanup'] || force_cleanup
             dir.delete
           else
             Bolt::Logger.warn("skip_cleanup", "Skipping cleanup of tmpdir #{dir}")
@@ -331,10 +345,15 @@ module Bolt
         # together multiple commands into a single sh invocation
         commands = [inject_interpreter(options[:interpreter], command)]
 
+        # Let the transport handle adding environment variables if it's custom.
         if options[:environment]
-          env_decl = options[:environment].map do |env, val|
-            "#{env}=#{Shellwords.shellescape(val)}"
-          end.join(' ')
+          if defined? conn.add_env_vars
+            conn.add_env_vars(options[:environment])
+          else
+            env_decl = options[:environment].map do |env, val|
+              "#{env}=#{Shellwords.shellescape(val)}"
+            end.join(' ')
+          end
         end
 
         if escalate
@@ -385,14 +404,24 @@ module Bolt
           # See if we can read from out or err, or write to in
           ready_read, ready_write, = select(read_streams.keys, write_stream, nil, timeout)
 
-          # Read from out and err
           ready_read&.each do |stream|
+            stream_name = stream == out ? 'out' : 'err'
             # Check for sudo prompt
-            read_streams[stream] << if use_sudo
-                                      check_sudo(stream, inp, options[:stdin])
-                                    else
-                                      stream.readpartial(CHUNK_SIZE)
-                                    end
+            to_print = if use_sudo
+                         check_sudo(stream, inp, options[:stdin])
+                       else
+                         stream.readpartial(CHUNK_SIZE)
+                       end
+
+            if !to_print.chomp.empty? && @stream_logger
+              formatted = to_print.lines.map do |msg|
+                "[#{@target.safe_name}] #{stream_name}: #{msg.chomp}"
+              end.join("\n")
+              @stream_logger.warn(formatted)
+            end
+
+            read_streams[stream]        << to_print
+            result_output.merged_output << to_print
           rescue EOFError
           end
 
@@ -440,9 +469,10 @@ module Bolt
         when 0
           @logger.trace { "Command `#{command_str}` returned successfully" }
         when 126
-          msg = "\n\nThis may be caused by the default tmpdir being mounted "\
+          msg = "\n\nThis might be caused by the default tmpdir being mounted "\
             "using 'noexec'. See http://pup.pt/task-failure for details and workarounds."
-          result_output.stderr << msg
+          result_output.stderr        << msg
+          result_output.merged_output << msg
           @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
         else
           @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }

data/lib/bolt/shell/bash/tmpdir.rb

@@ -24,8 +24,8 @@ module Bolt
           end
         end
 
-        def chown(owner)
-          return if owner.nil? || owner == @owner
+        def chown(owner, force: false)
+          return if owner.nil? || (owner == @owner && !force)
 
           result = @shell.execute(['id', '-g', owner])
           if result.exit_code != 0

data/lib/bolt/shell/powershell.rb

@@ -195,9 +195,7 @@ module Bolt
         wrap_command = conn.is_a?(Bolt::Transport::Local::Connection)
         output = execute(command, wrap_command)
         Bolt::Result.for_command(target,
-                                 output.stdout.string,
-                                 output.stderr.string,
-                                 output.exit_code,
+                                 output.to_h,
                                  'command',
                                  command,
                                  position)
@@ -208,20 +206,23 @@ module Bolt
         arguments = unwrap_sensitive_args(arguments)
         with_tmpdir do |dir|
           script_path = write_executable(dir, script)
-          command = if powershell_file?(script_path)
+          command = if powershell_file?(script_path) && options[:pwsh_params]
+                      # Scripts run with pwsh_params can be run like tasks
+                      Snippets.ps_task(script_path, options[:pwsh_params])
+                    elsif powershell_file?(script_path)
                       Snippets.run_script(arguments, script_path)
                     else
                       path, args = *process_from_extension(script_path)
                       args += escape_arguments(arguments)
                       execute_process(path, args)
                     end
-          command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
+          env_assignments = options[:env_vars] ? env_declarations(options[:env_vars]) : []
+          shell_init = options[:pwsh_params] ? Snippets.shell_init : ''
+
+          output = execute([shell_init, *env_assignments, command].join("\r\n"))
 
-          output = execute(command)
           Bolt::Result.for_command(target,
-                                   output.stdout.string,
-                                   output.stderr.string,
-                                   output.exit_code,
+                                   output.to_h,
                                    'script',
                                    script,
                                    position)
@@ -274,7 +275,12 @@ module Bolt
                               []
                             end
 
-          output = execute([Snippets.shell_init, *env_assignments, command].join("\n"))
+          output = execute([
+            Snippets.shell_init,
+            Snippets.append_ps_module_path(dir),
+            *env_assignments,
+            command
+          ].join("\n"))
 
           Bolt::Result.for_task(target, output.stdout.string,
                                 output.stderr.string,
@@ -305,12 +311,28 @@ module Bolt
           # the proper encoding so the string isn't later misinterpreted
           encoding = out.external_encoding
           out.binmode
-          result.stdout << out.read.force_encoding(encoding)
+          to_print = out.read.force_encoding(encoding)
+          if !to_print.chomp.empty? && @stream_logger
+            formatted = to_print.lines.map do |msg|
+              "[#{@target.safe_name}] out: #{msg.chomp}"
+            end.join("\n")
+            @stream_logger.warn(formatted)
+          end
+          result.stdout        << to_print
+          result.merged_output << to_print
         end
         stderr = Thread.new do
           encoding = err.external_encoding
           err.binmode
-          result.stderr << err.read.force_encoding(encoding)
+          to_print = err.read.force_encoding(encoding)
+          if !to_print.chomp.empty? && @stream_logger
+            formatted = to_print.lines.map do |msg|
+              "[#{@target.safe_name}] err: #{msg.chomp}"
+            end.join("\n")
+            @stream_logger.warn(formatted)
+          end
+          result.stderr        << to_print
+          result.merged_output << to_print
         end
 
         stdout.join