bolt 3.17.0 → 3.21.0

data/lib/bolt/bolt_option_parser.rb

@@ -114,6 +114,21 @@ module Bolt
           { flags: OPTIONS[:global],
             banner: PLUGIN_HELP }
         end
+      when 'policy'
+        case action
+        when 'apply'
+          { flags: ACTION_OPTS + %w[compile-concurrency hiera-config noop],
+            banner: POLICY_APPLY_HELP }
+        when 'new'
+          { flags: OPTIONS[:global] + PROJECT_PATHS,
+            banner: POLICY_NEW_HELP }
+        when 'show'
+          { flags: OPTIONS[:global] + PROJECT_PATHS,
+            banner: POLICY_SHOW_HELP }
+        else
+          { flags: OPTIONS[:global],
+            banner: POLICY_HELP }
+        end
       when 'project'
         case action
         when 'init'
@@ -202,6 +217,7 @@ module Bolt
           lookup            Look up a value with Hiera
           plan              Convert, create, show, and run Bolt plans
           plugin            Show available plugins
+          policy            Apply, create, and show policies
           project           Create and migrate Bolt projects
           script            Upload a local script and run it remotely
           secret            Create encryption keys and encrypt and decrypt values
@@ -250,7 +266,7 @@ module Bolt
 
     COMMAND_RUN_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          run
+          command run
 
       #{colorize(:cyan, 'Usage')}
           bolt command run <command> {--targets TARGETS | --query QUERY | --rerun FILTER}
@@ -286,7 +302,7 @@ module Bolt
 
     FILE_DOWNLOAD_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          download
+          file download
 
       #{colorize(:cyan, 'Usage')}
           bolt file download <source> <destination> {--targets TARGETS | --query QUERY | --rerun FILTER}
@@ -309,7 +325,7 @@ module Bolt
 
     FILE_UPLOAD_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          upload
+          file upload
 
       #{colorize(:cyan, 'Usage')}
           bolt file upload <source> <destination> {--targets TARGETS | --query QUERY | --rerun FILTER}
@@ -344,7 +360,7 @@ module Bolt
 
     GROUP_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          group show
 
       #{colorize(:cyan, 'Usage')}
           bolt group show [options]
@@ -395,7 +411,7 @@ module Bolt
 
     INVENTORY_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          inventory show
 
       #{colorize(:cyan, 'Usage')}
           bolt inventory show [options]
@@ -453,7 +469,7 @@ module Bolt
 
     MODULE_ADD_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          add
+          module add
       
       #{colorize(:cyan, 'Usage')}
           bolt module add <module> [options]
@@ -471,7 +487,7 @@ module Bolt
 
     MODULE_GENERATETYPES_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          generate-types
+          module generate-types
 
       #{colorize(:cyan, 'Usage')}
           bolt module generate-types [options]
@@ -486,7 +502,7 @@ module Bolt
 
     MODULE_INSTALL_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          install
+          module install
       
       #{colorize(:cyan, 'Usage')}
           bolt module install [options]
@@ -504,7 +520,7 @@ module Bolt
 
     MODULE_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          module show
 
       #{colorize(:cyan, 'Usage')}
           bolt module show [module name] [options]
@@ -541,7 +557,7 @@ module Bolt
 
     PLAN_CONVERT_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          convert
+          plan convert
 
       #{colorize(:cyan, 'Usage')}
           bolt plan convert <plan name> [options]
@@ -564,7 +580,7 @@ module Bolt
 
     PLAN_NEW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          new
+          plan new
       
       #{colorize(:cyan, 'Usage')}
           bolt plan new <plan name> [options]
@@ -581,7 +597,7 @@ module Bolt
 
     PLAN_RUN_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          run
+          plan run
 
       #{colorize(:cyan, 'Usage')}
           bolt plan run <plan name> [parameters] [options]
@@ -598,7 +614,7 @@ module Bolt
 
     PLAN_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          plan show
 
       #{colorize(:cyan, 'Usage')}
           bolt plan show [plan name] [options]
@@ -641,7 +657,7 @@ module Bolt
 
     PLUGIN_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          plugin show
 
       #{colorize(:cyan, 'Usage')}
           bolt plugin show [options]
@@ -653,6 +669,55 @@ module Bolt
           Learn more about Bolt plugins at https://pup.pt/bolt-plugins.
     HELP
 
+    POLICY_HELP = <<~HELP
+      #{colorize(:cyan, 'Name')}
+          policy
+
+      #{colorize(:cyan, 'Usage')}
+          bolt policy <action> [options]
+
+      #{colorize(:cyan, 'Description')}
+          Apply, create, and show policies.
+
+      #{colorize(:cyan, 'Actions')}
+          apply         Apply a policy to the specified targets
+          new           Create a new policy in the current project
+          show          Show available policy
+    HELP
+
+    POLICY_APPLY_HELP = <<~HELP
+      #{colorize(:cyan, 'Name')}
+          policy apply
+
+      #{colorize(:cyan, 'Usage')}
+          bolt policy apply <policy> [options]
+
+      #{colorize(:cyan, 'Description')}
+          Apply a policy to the specified targets.
+    HELP
+
+    POLICY_NEW_HELP = <<~HELP
+      #{colorize(:cyan, 'Name')}
+          policy new
+
+      #{colorize(:cyan, 'Usage')}
+          bolt policy new <policy> [options]
+
+      #{colorize(:cyan, 'Description')}
+          Create a new policy in the current project.
+    HELP
+
+    POLICY_SHOW_HELP = <<~HELP
+      #{colorize(:cyan, 'Name')}
+          policy show
+
+      #{colorize(:cyan, 'Usage')}
+          bolt policy show [options]
+
+      #{colorize(:cyan, 'Description')}
+          Show available policies.
+    HELP
+
     PROJECT_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
           project
@@ -673,7 +738,7 @@ module Bolt
 
     PROJECT_INIT_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          init
+          project init
 
       #{colorize(:cyan, 'Usage')}
           bolt project init [name] [options]
@@ -697,7 +762,7 @@ module Bolt
 
     PROJECT_MIGRATE_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          migrate
+          project migrate
 
       #{colorize(:cyan, 'Usage')}
           bolt project migrate [options]
@@ -729,7 +794,7 @@ module Bolt
 
     SCRIPT_RUN_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          run
+          script run
 
       #{colorize(:cyan, 'Usage')}
           bolt script run <script> [arguments] {--targets TARGETS | --query QUERY | --rerun FILTER}
@@ -770,7 +835,7 @@ module Bolt
 
     SECRET_CREATEKEYS_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          createkeys
+          secret createkeys
 
       #{colorize(:cyan, 'Usage')}
           bolt secret createkeys [options]
@@ -784,7 +849,7 @@ module Bolt
 
     SECRET_DECRYPT_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          decrypt
+          secret decrypt
 
       #{colorize(:cyan, 'Usage')}
           bolt secret decrypt <ciphertext> [options]
@@ -798,7 +863,7 @@ module Bolt
 
     SECRET_ENCRYPT_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          encrypt
+          secret encrypt
 
       #{colorize(:cyan, 'Usage')}
         bolt secret encrypt <plaintext> [options]
@@ -830,7 +895,7 @@ module Bolt
 
     TASK_RUN_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          run
+          task run
 
       #{colorize(:cyan, 'Usage')}
           bolt task run <task name> [parameters] {--targets TARGETS | --query QUERY | --rerun FILTER}
@@ -850,7 +915,7 @@ module Bolt
 
     TASK_SHOW_HELP = <<~HELP
       #{colorize(:cyan, 'Name')}
-          show
+          task show
 
       #{colorize(:cyan, 'Usage')}
           bolt task show [task name] [options]

data/lib/bolt/catalog.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
-require 'bolt/apply_inventory'
-require 'bolt/apply_target'
-require 'bolt/config'
-require 'bolt/error'
-require 'bolt/inventory'
-require 'bolt/pal'
-require 'bolt/puppetdb'
-require 'bolt/util'
+require_relative '../bolt/apply_inventory'
+require_relative '../bolt/apply_target'
+require_relative '../bolt/config'
+require_relative '../bolt/error'
+require_relative '../bolt/inventory'
+require_relative '../bolt/pal'
+require_relative '../bolt/puppetdb'
+require_relative '../bolt/util'
 
 Bolt::PAL.load_puppet
 
-require 'bolt/catalog/logging'
+require_relative 'catalog/logging'
 
 module Bolt
   class Catalog
@@ -65,8 +65,7 @@ module Bolt
       puppet_overrides = {
         bolt_pdb_client: pdb_client,
         bolt_inventory: inv,
-        bolt_project: bolt_project,
-        future: request['future']
+        bolt_project: bolt_project
       }
 
       # Facts will be set by the catalog compiler, so we need to ensure

data/lib/bolt/cli.rb

@@ -9,23 +9,23 @@ require 'json'
 require 'io/console'
 require 'logging'
 require 'optparse'
-require 'bolt/analytics'
-require 'bolt/application'
-require 'bolt/bolt_option_parser'
-require 'bolt/config'
-require 'bolt/error'
-require 'bolt/executor'
-require 'bolt/inventory'
-require 'bolt/logger'
-require 'bolt/module_installer'
-require 'bolt/outputter'
-require 'bolt/pal'
-require 'bolt/plugin'
-require 'bolt/project_manager'
-require 'bolt/puppetdb'
-require 'bolt/rerun'
-require 'bolt/target'
-require 'bolt/version'
+require_relative '../bolt/analytics'
+require_relative '../bolt/application'
+require_relative '../bolt/bolt_option_parser'
+require_relative '../bolt/config'
+require_relative '../bolt/error'
+require_relative '../bolt/executor'
+require_relative '../bolt/inventory'
+require_relative '../bolt/logger'
+require_relative '../bolt/module_installer'
+require_relative '../bolt/outputter'
+require_relative '../bolt/pal'
+require_relative '../bolt/plugin'
+require_relative '../bolt/project_manager'
+require_relative '../bolt/puppetdb'
+require_relative '../bolt/rerun'
+require_relative '../bolt/target'
+require_relative '../bolt/version'
 
 module Bolt
   class CLIExit < StandardError; end
@@ -44,6 +44,7 @@ module Bolt
       'module'    => %w[add generate-types install show],
       'plan'      => %w[show run convert new],
       'plugin'    => %w[show],
+      'policy'    => %w[apply new show],
       'project'   => %w[init migrate],
       'script'    => %w[run],
       'secret'    => %w[encrypt decrypt createkeys],
@@ -53,8 +54,7 @@ module Bolt
     TARGETING_OPTIONS = %i[query rerun targets].freeze
 
     SUCCESS = 0
-    ERROR   = 1
-    FAILURE = 2
+    FAILURE = 1
 
     def initialize(argv)
       Bolt::Logger.initialize_logging
@@ -288,6 +288,26 @@ module Bolt
         raise Bolt::CLIError, "Must specify a plan."
       end
 
+      if options[:subcommand] == 'policy'
+        if options[:action] == 'apply' && !options[:object]
+          raise Bolt::CLIError, "Must specify one or more policies to apply."
+        end
+
+        if options[:action] == 'apply' && options[:leftovers].any?
+          raise Bolt::CLIError, "Unknown argument(s) #{options[:leftovers].join(', ')}. "\
+                                "To apply multiple policies, provide a comma-separated list of "\
+                                "policy names."
+        end
+
+        if options[:action] == 'new' && !options[:object]
+          raise Bolt::CLIError, "Must specify a name for the new policy."
+        end
+
+        if options[:action] == 'show' && options[:object]
+          raise Bolt::CLIError, "Unknown argument #{options[:object]}."
+        end
+      end
+
       if options[:subcommand] == 'module' && options[:action] == 'install' && options[:object]
         command = Bolt::Util.powershell? ? 'Add-BoltModule -Module' : 'bolt module add'
         raise Bolt::CLIError, "Invalid argument '#{options[:object]}'. To add a new module to "\
@@ -325,7 +345,9 @@ module Bolt
       end
 
       if options[:noop] &&
-         !(options[:subcommand] == 'task' && options[:action] == 'run') && options[:subcommand] != 'apply'
+         !(options[:subcommand] == 'task' && options[:action] == 'run') &&
+         options[:subcommand] != 'apply' &&
+         options[:action] != 'apply'
         raise Bolt::CLIError,
               "Option '--noop' can only be specified when running a task or applying manifest code"
       end
@@ -447,7 +469,7 @@ module Bolt
           check_gem_install
           warn_inventory_overrides_cli(config, options)
           submit_screen_view(analytics, config, inventory, options)
-          options[:targets] = process_target_list(plugins.puppetdb_client, @rerun, options)
+          options[:targets] = process_target_list(plugins, @rerun, options)
 
           # TODO: Fix casing issue in Windows.
           config.check_path_case('modulepath', config.modulepath)
@@ -632,6 +654,26 @@ module Bolt
         outputter.print_plugin_list(**app.list_plugins)
         SUCCESS
 
+      when 'policy'
+        Bolt::Logger.warn('policy_command', 'This command is experimental and is subject to change.')
+        case action
+        when 'apply'
+          results = outputter.spin do
+            app.apply_policies(options[:object], options[:targets], **options.slice(:noop))
+          end
+          rerun.update(results)
+          app.shutdown
+          outputter.print_apply_result(results)
+          results.ok? ? SUCCESS : FAILURE
+        when 'new'
+          result = app.new_policy(options[:object])
+          outputter.print_new_policy(**result)
+          SUCCESS
+        when 'show'
+          outputter.print_policy_list(**app.list_policies)
+          SUCCESS
+        end
+
       when 'project'
         case action
         when 'init'
@@ -690,14 +732,14 @@ module Bolt
     # Process the target list by turning a PuppetDB query or rerun mode into a
     # list of target names.
     #
-    # @param pdb_client [Bolt::PuppetDB::Client] The PuppetDB client.
+    # @param plugins [Bolt::Plugin] The Plugin instance.
     # @param rerun [Bolt::Rerun] The Rerun instance.
     # @param options [Hash] The CLI options.
     # @return [Hash] The target list.
     #
-    private def process_target_list(pdb_client, rerun, options)
+    private def process_target_list(plugins, rerun, options)
       if options[:query]
-        pdb_client.query_certnames(options[:query])
+        plugins.puppetdb_client.query_certnames(options[:query])
       elsif options[:rerun]
         rerun.get_targets(options[:rerun])
       elsif options[:targets]

data/lib/bolt/config/modulepath.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'bolt/config'
+require_relative '../../bolt/config'
 
 module Bolt
   class Config

data/lib/bolt/config/options.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require 'bolt/config/transport/docker'
-require 'bolt/config/transport/local'
-require 'bolt/config/transport/lxd'
-require 'bolt/config/transport/orch'
-require 'bolt/config/transport/podman'
-require 'bolt/config/transport/remote'
-require 'bolt/config/transport/ssh'
-require 'bolt/config/transport/winrm'
+require_relative '../../bolt/config/transport/docker'
+require_relative '../../bolt/config/transport/local'
+require_relative '../../bolt/config/transport/lxd'
+require_relative '../../bolt/config/transport/orch'
+require_relative '../../bolt/config/transport/podman'
+require_relative '../../bolt/config/transport/remote'
+require_relative '../../bolt/config/transport/ssh'
+require_relative '../../bolt/config/transport/winrm'
 
 module Bolt
   class Config
@@ -147,14 +147,23 @@ module Bolt
           type: Hash,
           properties: {
             "file_paths" => {
-              description: "Load scripts from the `scripts/` directory of a module",
+              description: "Load scripts from the `scripts/` directory of a module.",
+              type: [TrueClass, FalseClass],
+              _example: true,
+              _default: false,
+              _deprecation: "Bolt no longer honors this option and enables loading scripts from the scripts "\
+                            "directory by default."
+            },
+            "script_interpreter" => {
+              description: "Use a target's [`interpreters` configuration](bolt_transports_reference.md#interpreters) "\
+                           "when running a script.",
               type: [TrueClass, FalseClass],
               _example: true,
               _default: false
             }
           },
           _plugin: false,
-          _example: { 'file_paths' => true }
+          _example: { 'script_interpreter' => true }
         },
         "hiera-config" => {
           description: "The path to the Hiera configuration file.",
@@ -248,10 +257,16 @@ module Bolt
           type: Hash,
           properties: {
             "forge" => {
-              description: "A subsection that can have its own `proxy` setting to set an HTTP proxy for Forge "\
-                           "operations only, and a `baseurl` setting to specify a different Forge host.",
+              description: "A subsection for configuring connections to a Forge host.",
               type: Hash,
               properties: {
+                "authorization_token" => {
+                  description: "The token used to authorize requests to the Forge host. Must also specify "\
+                               "`baseurl` when using this option.",
+                  type: String,
+                  _example: "Bearer eyJhbGciOiJIUzI1NiIsInR5c...",
+                  _plugin: true
+                },
                 "baseurl" => {
                   description: "The URL to the Forge host.",
                   type: String,
@@ -265,7 +280,11 @@ module Bolt
                   _example: "https://my-forge-proxy.com:8080"
                 }
               },
-              _example: { "baseurl" => "https://forge.example.com", "proxy" => "https://my-forge-proxy.com:8080" }
+              _example: {
+                "authorization_token" => "Bearer eyJhbGciOiJIUzI1NiIsInR5c...",
+                "baseurl" => "https://forge.example.com",
+                "proxy" => "https://my-forge-proxy.com:8080"
+              }
             },
             "proxy" => {
               description: "The HTTP proxy to use for Git and Forge operations.",
@@ -377,6 +396,15 @@ module Bolt
           _plugin: false,
           _example: { "pkcs7" => { "keysize" => 1024 } }
         },
+        "policies" => {
+          description: "A list of policy names and glob patterns to filter the project's policies by. This option "\
+                       "is used to specify which policies are available to a project and can be applied to targets. "\
+                       "When this option is not configured, policies are not available to the project and cannot "\
+                       "be applied to targets.",
+          type: Array,
+          _plugin: false,
+          _example: ["myproject::apache", "myproject::postgres"]
+        },
         "puppetdb" => {
           description: "A map containing options for [configuring the Bolt PuppetDB "\
                        "client](bolt_connect_puppetdb.md).",
@@ -600,6 +628,7 @@ module Bolt
         plugin-cache
         plugin-hooks
         plugins
+        policies
         puppetdb
         save-rerun
         spinner

data/lib/bolt/config/transport/base.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/util'
-require 'bolt/validator'
-require 'bolt/config/transport/options'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/util'
+require_relative '../../../bolt/validator'
+require_relative '../../../bolt/config/transport/options'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/docker.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/local.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/lxd.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/options.rb

@@ -155,14 +155,15 @@ module Bolt
                          "`task.py`) and the extension is case sensitive. When a target's name is `localhost`, "\
                          "Ruby tasks run with the Bolt Ruby interpreter by default.",
             additionalProperties: {
-              type: String,
+              type: [String, Array],
               _plugin: false
             },
             propertyNames: {
               pattern: "^.?[a-zA-Z0-9]+$"
             },
             _plugin: true,
-            _example: { "rb" => "/usr/bin/ruby" }
+            _example: { "rb" => ["/usr/bin/ruby", "-r", "puppet"],
+                        ".py" => "/usr/bin/python3" }
           },
           "job-poll-interval" => {
             type: Integer,

data/lib/bolt/config/transport/orch.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/podman.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config

data/lib/bolt/config/transport/remote.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'bolt/error'
-require 'bolt/config/transport/base'
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
 
 module Bolt
   class Config