bolt 3.22.1 → 3.24.0

data/lib/bolt/puppetdb/instance.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'logging'
+require_relative '../../bolt/puppetdb/config'
+
+module Bolt
+  module PuppetDB
+    class Instance
+      attr_reader :config
+
+      def initialize(config:, project: nil, load_defaults: false)
+        @config      = Bolt::PuppetDB::Config.new(config: config, project: project, load_defaults: load_defaults)
+        @bad_urls    = []
+        @current_url = nil
+        @logger      = Bolt::Logger.logger(self)
+      end
+
+      def make_query(query, path = nil)
+        body = JSON.generate(query: query)
+        url = "#{uri}/pdb/query/v4"
+        url += "/#{path}" if path
+
+        begin
+          @logger.debug("Sending PuppetDB query to #{url}")
+          response = http_client.post(url, body: body, header: headers)
+        rescue StandardError => e
+          raise Bolt::PuppetDBFailoverError, "Failed to query PuppetDB: #{e}"
+        end
+
+        @logger.debug("Got response code #{response.code} from PuppetDB")
+        if response.code != 200
+          msg = "Failed to query PuppetDB: #{response.body}"
+          if response.code == 400
+            raise Bolt::PuppetDBError, msg
+          else
+            raise Bolt::PuppetDBFailoverError, msg
+          end
+        end
+
+        begin
+          JSON.parse(response.body)
+        rescue JSON::ParserError
+          raise Bolt::PuppetDBError, "Unable to parse response as JSON: #{response.body}"
+        end
+      rescue Bolt::PuppetDBFailoverError => e
+        @logger.error("Request to puppetdb at #{@current_url} failed with #{e}.")
+        reject_url
+        make_query(query, path)
+      end
+
+      # Sends a command to PuppetDB using version 1 of the commands API.
+      # https://puppet.com/docs/puppetdb/latest/api/command/v1/commands.html
+      #
+      # @param command [String] The command to invoke.
+      # @param version [Integer] The version of the command to invoke.
+      # @param payload [Hash] The payload to send with the command.
+      # @return A UUID identifying the submitted command.
+      #
+      def send_command(command, version, payload)
+        command = command.dup.force_encoding('utf-8')
+        body    = JSON.generate(payload)
+
+        # PDB requires the following query parameters to the POST request.
+        # Error early if there's no certname, as PDB does not return a
+        # message indicating it's required.
+        unless payload['certname']
+          raise Bolt::Error.new(
+            "Payload must include 'certname', unable to invoke command.",
+            'bolt/pdb-command'
+          )
+        end
+
+        url = uri.tap do |u|
+          u.path         = 'pdb/cmd/v1'
+          u.query_values = { 'command'  => command,
+                             'version'  => version,
+                             'certname' => payload['certname'] }
+        end
+
+        # Send the command to PDB
+        begin
+          @logger.debug("Sending PuppetDB command '#{command}' to #{url}")
+          response = http_client.post(url.to_s, body: body, header: headers)
+        rescue StandardError => e
+          raise Bolt::PuppetDBFailoverError, "Failed to invoke PuppetDB command: #{e}"
+        end
+
+        @logger.debug("Got response code #{response.code} from PuppetDB")
+        if response.code != 200
+          raise Bolt::PuppetDBError, "Failed to invoke PuppetDB command: #{response.body}"
+        end
+
+        # Return the UUID string from the response body
+        begin
+          JSON.parse(response.body).fetch('uuid', nil)
+        rescue JSON::ParserError
+          raise Bolt::PuppetDBError, "Unable to parse response as JSON: #{response.body}"
+        end
+      rescue Bolt::PuppetDBFailoverError => e
+        @logger.error("Request to puppetdb at #{@current_url} failed with #{e}.")
+        reject_url
+        send_command(command, version, payload)
+      end
+
+      def http_client
+        return @http if @http
+        # lazy-load expensive gem code
+        require 'httpclient'
+        @logger.trace("Creating HTTP Client")
+        @http = HTTPClient.new
+        @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
+        @http.ssl_config.add_trust_ca(@config.cacert)
+        @http.connect_timeout = @config.connect_timeout if @config.connect_timeout
+        @http.receive_timeout = @config.read_timeout if @config.read_timeout
+
+        @http
+      end
+
+      def reject_url
+        @bad_urls << @current_url if @current_url
+        @current_url = nil
+      end
+
+      def uri
+        require 'addressable/uri'
+
+        @current_url ||= (@config.server_urls - @bad_urls).first
+        unless @current_url
+          msg = "Failed to connect to all PuppetDB server_urls: #{@config.server_urls.to_a.join(', ')}."
+          raise Bolt::PuppetDBError, msg
+        end
+
+        uri = Addressable::URI.parse(@current_url)
+        uri.port ||= 8081
+        uri
+      end
+
+      def headers
+        headers = { 'Content-Type' => 'application/json' }
+        headers['X-Authentication'] = @config.token if @config.token
+        headers
+      end
+    end
+  end
+end

data/lib/bolt/result.rb

@@ -128,7 +128,7 @@ module Bolt
 
     def _pcore_init_from_hash(init_hash)
       opts = init_hash.reject { |k, _v| k == 'target' }
-      initialize(init_hash['target'], opts.transform_keys(&:to_sym))
+      initialize(init_hash['target'], **opts.transform_keys(&:to_sym))
     end
 
     def _pcore_init_hash

data/lib/bolt/transport/orch/connection.rb

@@ -6,7 +6,7 @@ module Bolt
       class Connection
         attr_reader :logger, :key
 
-        CONTEXT_KEYS = Set.new(%i[plan_name description params]).freeze
+        CONTEXT_KEYS = Set.new(%i[plan_name description params sensitive]).freeze
 
         def self.get_key(opts)
           [
@@ -46,6 +46,7 @@ module Bolt
           if plan_context
             begin
               opts = plan_context.select { |k, _| CONTEXT_KEYS.include? k }
+              opts[:params] = opts[:params].reject { |k, _| plan_context[:sensitive].include?(k) }
               @client.command.plan_start(opts)['name']
             rescue OrchestratorClient::ApiError => e
               if e.code == '404'

data/lib/bolt/transport/winrm/connection.rb

@@ -53,9 +53,11 @@ module Bolt
             @connection = ::WinRM::Connection.new(options)
             @connection.logger = @transport_logger
 
-            @session = @connection.shell(:powershell)
-            @session.run('$PSVersionTable.PSVersion')
-            @logger.trace { "Opened session" }
+            @connection.shell(:powershell) do |session|
+              session.run('$PSVersionTable.PSVersion')
+            end
+
+            @logger.trace { "Opened connection" }
           end
         rescue Timeout::Error
           # If we're using the default port with SSL, a timeout probably means the
@@ -95,9 +97,8 @@ module Bolt
         end
 
         def disconnect
-          @session&.close
           @client&.disconnect!
-          @logger.trace { "Closed session" }
+          @logger.trace { "Closed connection" }
         end
 
         def execute(command)
@@ -116,12 +117,18 @@ module Bolt
             # propagate to the main thread via the shell, there's no chance
             # they will be unhandled, so the default stack trace is unneeded.
             Thread.current.report_on_exception = false
-            result = @session.run(command)
-            out_wr << result.stdout
-            err_wr << result.stderr
-            out_wr.close
-            err_wr.close
-            result.exitcode
+
+            # Open a new shell instance for each command executed. PowerShell is
+            # unable to unload any DLLs loaded when running a PowerShell script
+            # or task from the same shell instance they were loaded in, which
+            # prevents Bolt from cleaning up the temp directory successfully.
+            # Using a new PowerShell instance avoids this limitation.
+            @connection.shell(:powershell) do |session|
+              result = session.run(command)
+              out_wr << result.stdout
+              err_wr << result.stderr
+              result.exitcode
+            end
           ensure
             # Close the streams to avoid the caller deadlocking
             out_wr.close

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '3.22.1'
+  VERSION = '3.24.0'
 end

data/lib/bolt_server/file_cache.rb

@@ -8,6 +8,7 @@ require 'digest'
 require 'fileutils'
 require 'net/http'
 require 'logging'
+require 'timeout'
 
 require 'bolt/error'
 
@@ -38,8 +39,7 @@ module BoltServer
 
       if do_purge
         @purge = Concurrent::TimerTask.new(execution_interval: purge_interval,
-                                           timeout_interval: purge_timeout,
-                                           run_now: true) { expire(purge_ttl) }
+                                           run_now: true) { expire(purge_ttl, purge_timeout) }
         @purge.execute
       end
     end
@@ -171,13 +171,15 @@ module BoltServer
       serial_execute { download_file(file_path, sha, file_data['uri']) }
     end
 
-    def expire(purge_ttl)
+    def expire(purge_ttl, purge_timeout)
       expired_time = Time.now - purge_ttl
-      @cache_dir_mutex.with_write_lock do
-        Dir.glob(File.join(@cache_dir, '*')).select { |f| File.directory?(f) }.each do |dir|
-          if (mtime = File.mtime(dir)) < expired_time && dir != tmppath
-            @logger.debug("Removing #{dir}, last used at #{mtime}")
-            FileUtils.remove_dir(dir)
+      Timeout.timeout(purge_timeout) do
+        @cache_dir_mutex.with_write_lock do
+          Dir.glob(File.join(@cache_dir, '*')).select { |f| File.directory?(f) }.each do |dir|
+            if (mtime = File.mtime(dir)) < expired_time && dir != tmppath
+              @logger.debug("Removing #{dir}, last used at #{mtime}")
+              FileUtils.remove_dir(dir)
+            end
           end
         end
       end

data/lib/bolt_spec/plans/action_stubs/download_stub.rb

@@ -41,7 +41,7 @@ module BoltSpec
         @invocation[:options]
       end
 
-      def result_for(_target, _data)
+      def result_for(_target, **_data)
         raise 'Download result cannot be changed'
       end
 

data/lib/bolt_spec/plans/action_stubs/plan_stub.rb

@@ -30,7 +30,7 @@ module BoltSpec
       end
 
       # Allow any data.
-      def result_for(_target, data)
+      def result_for(_target, **data)
         Bolt::PlanResult.new(Bolt::Util.walk_keys(data, &:to_s), 'success')
       end
 

data/lib/bolt_spec/plans/action_stubs/task_stub.rb

@@ -37,7 +37,7 @@ module BoltSpec
       end
 
       # Allow any data.
-      def result_for(target, data)
+      def result_for(target, **data)
         Bolt::Result.new(target, value: Bolt::Util.walk_keys(data, &:to_s))
       end
 

data/lib/bolt_spec/plans/action_stubs/upload_stub.rb

@@ -40,7 +40,7 @@ module BoltSpec
         @invocation[:options]
       end
 
-      def result_for(_target, _data)
+      def result_for(_target, **_data)
         raise 'Upload result cannot be changed'
       end
 

data/lib/bolt_spec/plans/action_stubs.rb

@@ -93,7 +93,7 @@ module BoltSpec
         when Bolt::Error
           Bolt::Result.from_exception(target, @data[:default])
         when Hash
-          result_for(target, Bolt::Util.walk_keys(@data[:default], &:to_sym))
+          result_for(target, **Bolt::Util.walk_keys(@data[:default], &:to_sym))
         else
           raise 'Default result must be a Hash'
         end
@@ -156,7 +156,7 @@ module BoltSpec
           # set the inventory from the BoltSpec::Plans, otherwise if we try to convert
           # this target to a string, it will fail to string conversion because the
           # inventory is nil
-          hsh[target] = result_for(Bolt::Target.new(target, @inventory), Bolt::Util.walk_keys(result, &:to_sym))
+          hsh[target] = result_for(Bolt::Target.new(target, @inventory), **Bolt::Util.walk_keys(result, &:to_sym))
         end
         raise "Cannot set return values and return block." if @return_block
         @data_set = true

data/lib/bolt_spec/plans/mock_executor.rb

@@ -210,7 +210,7 @@ module BoltSpec
         @allow_apply = true
       end
 
-      def wait_until_available(targets, _options)
+      def wait_until_available(targets, **_options)
         Bolt::ResultSet.new(targets.map { |target| Bolt::Result.new(target) })
       end
 

data/lib/bolt_spec/plans.rb

@@ -103,6 +103,16 @@ module BoltSpec
 
     # Provided as a class so expectations can be placed on it.
     class MockPuppetDBClient
+      def initialize(config)
+        @instance = MockPuppetDBInstance.new(config)
+      end
+
+      def instance(_instance)
+        @instance
+      end
+    end
+
+    class MockPuppetDBInstance
       attr_reader :config
 
       def initialize(config)
@@ -111,7 +121,7 @@ module BoltSpec
     end
 
     def puppetdb_client
-      @puppetdb_client ||= MockPuppetDBClient.new(Bolt::PuppetDB::Config.new({}))
+      @puppetdb_client ||= MockPuppetDBClient.new({})
     end
 
     def run_plan(name, params)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 3.22.1
+  version: 3.24.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-30 00:00:00.000000000 Z
+date: 2022-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -163,6 +163,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -170,6 +173,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: net-ssh-krb
   requirement: !ruby/object:Gem::Requirement
@@ -566,6 +572,7 @@ files:
 - lib/bolt/puppetdb.rb
 - lib/bolt/puppetdb/client.rb
 - lib/bolt/puppetdb/config.rb
+- lib/bolt/puppetdb/instance.rb
 - lib/bolt/r10k_log_proxy.rb
 - lib/bolt/rerun.rb
 - lib/bolt/resource_instance.rb
@@ -664,7 +671,7 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
     - !ruby/object:Gem::Version
       version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement