bolt 3.26.1 → 3.27.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0591d13a9aa93f3c96585985ffdf1619c29f3f13130cbde98e1b24a1a357b84b'
-  data.tar.gz: 3fe46914478ad07fab90348eb0464a5e45f5c10fa5f921baf3fa089f8d17cad3
+  metadata.gz: c17b8b0fb4276ed447b6da76d98053171f4d5fda8503233035b919394add9e94
+  data.tar.gz: db0861f045bc751bd69e0da10fe7708b6b0186c5fe1e35e252b383ff935b77f4
 SHA512:
-  metadata.gz: a12e686a2ce4a3a15f22e2d45f8210eb6211c910e49e59377e37165554ae5f776c4827dfdb93984d8acdd6295cb7c31f49a090a4239ecc2150bff27f2aeb2bbc
-  data.tar.gz: 5f6ccddd83c3026b1a34be7ab439d800f82cb997f179ab9967ead53c87b5141f2419dce5ae0a29ad17fc4257b294856e39aa61916fca4cbb907919520ad8fbf3
+  metadata.gz: af08780fd019620d3db858eb34387a38a0ef195d9ab56cfc2bc1e6629e1b86fcd2301b489facd81a77915a914d95eb017d5e88ec7443e66c74c72c148f334c5f
+  data.tar.gz: d01bb8cb30bcfd2a48e9537311b6208e8c7340e02b1101745ffe52affdf1503cf7754de7918b179af033aaa3303e9b4f381d460083cc302864f0747f4bc79d6b

data/lib/bolt/config/options.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative '../../bolt/config/transport/docker'
+require_relative '../../bolt/config/transport/jail'
 require_relative '../../bolt/config/transport/local'
 require_relative '../../bolt/config/transport/lxd'
 require_relative '../../bolt/config/transport/orch'
@@ -16,6 +17,7 @@ module Bolt
       # gets passed along to the inventory.
       TRANSPORT_CONFIG = {
         'docker' => Bolt::Config::Transport::Docker,
+        'jail'   => Bolt::Config::Transport::Jail,
         'local'  => Bolt::Config::Transport::Local,
         'lxd'    => Bolt::Config::Transport::LXD,
         'pcp'    => Bolt::Config::Transport::Orch,
@@ -550,6 +552,12 @@ module Bolt
           _plugin: true,
           _example: { "cleanup" => false, "service-url" => "https://docker.example.com" }
         },
+        "jail" => {
+          description: "A map of configuration options for the jail transport.",
+          type: Hash,
+          _plugin: true,
+          _example: { cleanup: false }
+        },
         "local" => {
           description: "A map of configuration options for the local transport. The set of available options is "\
                        "platform dependent.",

data/lib/bolt/config/transport/jail.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative '../../../bolt/error'
+require_relative '../../../bolt/config/transport/base'
+
+module Bolt
+  class Config
+    module Transport
+      class Jail < Base
+        OPTIONS = %w[
+          cleanup
+          host
+          interpreters
+          shell-command
+          tmpdir
+          user
+        ].concat(RUN_AS_OPTIONS).sort.freeze
+
+        DEFAULTS = {
+          'cleanup' => true
+        }.freeze
+
+        private def validate
+          super
+
+          if @config['interpreters']
+            @config['interpreters'] = normalize_interpreters(@config['interpreters'])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/executor.rb

@@ -14,6 +14,7 @@ require_relative '../bolt/result'
 require_relative '../bolt/result_set'
 # Load transports
 require_relative '../bolt/transport/docker'
+require_relative '../bolt/transport/jail'
 require_relative '../bolt/transport/local'
 require_relative '../bolt/transport/lxd'
 require_relative '../bolt/transport/orch'
@@ -25,6 +26,7 @@ require_relative '../bolt/transport/winrm'
 module Bolt
   TRANSPORTS = {
     docker: Bolt::Transport::Docker,
+    jail: Bolt::Transport::Jail,
     local: Bolt::Transport::Local,
     lxd: Bolt::Transport::LXD,
     pcp: Bolt::Transport::Orch,

data/lib/bolt/shell/bash.rb

@@ -356,7 +356,7 @@ module Bolt
           if defined? conn.add_env_vars
             conn.add_env_vars(options[:environment])
           else
-            env_decl = options[:environment].map do |env, val|
+            env_decl = '/usr/bin/env ' + options[:environment].map do |env, val|
               "#{env}=#{Shellwords.shellescape(val)}"
             end.join(' ')
           end

data/lib/bolt/transport/jail/connection.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'logging'
+require_relative '../../../bolt/node/errors'
+
+module Bolt
+  module Transport
+    class Jail < Simple
+      class Connection
+        attr_reader :user, :target
+
+        def initialize(target)
+          raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
+          @target = target
+          @user = @target.user || ENV['USER'] || Etc.getlogin
+          @logger = Bolt::Logger.logger(target.safe_name)
+          @jail_info = {}
+          @logger.trace("Initializing jail connection to #{target.safe_name}")
+        end
+
+        def shell
+          @shell ||= Bolt::Shell::Bash.new(target, self)
+        end
+
+        def reset_cwd?
+          true
+        end
+
+        def jail_id
+          @jail_info['jid'].to_s
+        end
+
+        def jail_path
+          @jail_info['path']
+        end
+
+        def connect
+          output = JSON.parse(`jls --libxo=json`)
+          @jail_info = output['jail-information']['jail'].select { |jail| jail['hostname'] == target.host }.first
+          raise "Could not find a jail with name matching #{target.host}" if @jail_info.nil?
+          @logger.trace { "Opened session" }
+          true
+        rescue StandardError => e
+          raise Bolt::Node::ConnectError.new(
+            "Failed to connect to #{target.safe_name}: #{e.message}",
+            'CONNECT_ERROR'
+          )
+        end
+
+        def execute(command)
+          args = ['-lU', @user]
+
+          jail_command = %w[jexec] + args + [jail_id] + Shellwords.split(command)
+          @logger.trace { "Executing #{jail_command.join(' ')}" }
+
+          Open3.popen3({}, *jail_command)
+        rescue StandardError
+          @logger.trace { "Command aborted" }
+          raise
+        end
+
+        def upload_file(source, destination)
+          @logger.trace { "Uploading #{source} to #{destination}" }
+          jail_destination = File.join(jail_path, destination)
+          FileUtils.cp(source, jail_destination)
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+
+        def download_file(source, destination, _download)
+          @logger.trace { "Downloading #{source} to #{destination}" }
+          jail_source = File.join(jail_path, source)
+          FileUtils.mkdir_p(destination)
+          FileUtils.cp(jail_source, destination)
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/jail.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative '../../bolt/transport/simple'
+
+module Bolt
+  module Transport
+    class Jail < Simple
+      def provided_features
+        ['shell']
+      end
+
+      def with_connection(target)
+        conn = Connection.new(target)
+        conn.connect
+        yield conn
+      end
+    end
+  end
+end
+
+require_relative 'jail/connection'

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '3.26.1'
+  VERSION = '3.27.1'
 end

data/lib/bolt_server/schemas/action-run_task.json

@@ -9,7 +9,11 @@
       "type": "object",
       "description": "JSON formatted parameters to be provided to task"
     },
-    "target": { "$ref": "partial:target-any" }
+    "target": { "$ref": "partial:target-any" },
+    "timeout": {
+      "type": "integer",
+      "description": "Number of seconds to wait before abandoning the task execution on the tartet."
+    }
   },
   "required": ["target", "task"],
   "additionalProperties": false

data/lib/bolt_server/transport_app.rb

@@ -9,7 +9,6 @@ require 'bolt/project'
 require 'bolt/target'
 require 'bolt_server/file_cache'
 require 'bolt_server/plugin'
-require 'bolt_server/plugin/puppet_connect_data'
 require 'bolt_server/request_error'
 require 'bolt/task/puppet_server'
 require 'json'
@@ -42,7 +41,6 @@ module BoltServer
       action-upload_file
       transport-ssh
       transport-winrm
-      connect-data
       action-apply_prep
       action-apply
     ].freeze
@@ -126,7 +124,17 @@ module BoltServer
       end
     end
 
-    def task_helper(target, task, parameters)
+    def unwrap_sensitive_results(result_set)
+      # Take a ResultSet and unwrap sensitive values
+      result_set.each do |result|
+        value = result.value
+        next unless value.is_a?(Hash)
+        next unless value.key?('_sensitive')
+        value['_sensitive'] = value['_sensitive'].unwrap
+      end
+    end
+
+    def task_helper(target, task, parameters, timeout = nil)
       # Wrap parameters marked with '"sensitive": true' in the task metadata with a
       # Sensitive wrapper type. This way it's not shown in logs.
       if (param_spec = task.parameters)
@@ -137,11 +145,20 @@ module BoltServer
         end
       end
 
-      @executor.run_task(target, task, parameters).each do |result|
-        value = result.value
-        next unless value.is_a?(Hash)
-        next unless value.key?('_sensitive')
-        value['_sensitive'] = value['_sensitive'].unwrap
+      if timeout && timeout > 0
+        task_thread = Thread.new do
+          unwrap_sensitive_results(@executor.run_task(target, task, parameters))
+        end
+        # Wait for the timeout for the task to execute in the thread. If `join` times out, result will be nil.
+        if task_thread.join(timeout).nil?
+          task_thread.kill
+          raise Bolt::Error.new("Task execution on #{target.first.safe_name} timed out after #{timeout} seconds",
+                                'boltserver/task-timeout')
+        else
+          task_thread.value
+        end
+      else
+        unwrap_sensitive_results(@executor.run_task(target, task, parameters))
       end
     end
 
@@ -150,7 +167,7 @@ module BoltServer
 
       task_data = body['task']
       task = Bolt::Task::PuppetServer.new(task_data['name'], task_data['metadata'], task_data['files'], @file_cache)
-      task_helper(target, task, body['parameters'] || {})
+      task_helper(target, task, body['parameters'] || {}, body['timeout'])
     end
 
     def extract_install_task(target)
@@ -825,53 +842,6 @@ module BoltServer
       [500, e.message]
     end
 
-    # Returns a list of targets parsed from a Project inventory
-    #
-    # @param versioned_project [String] the versioned_project to compute the inventory from
-    post '/project_inventory_targets' do
-      content_type :json
-      body = JSON.parse(request.body.read)
-      validate_schema(@schemas["connect-data"], body)
-      in_bolt_project(body['versioned_project']) do |context|
-        if context[:config].inventoryfile &&
-           context[:config].project.inventory_file.to_s !=
-           context[:config].inventoryfile
-          raise Bolt::ValidationError, "Project inventory must be defined in the " \
-            "inventory.yaml file at the root of the project directory"
-        end
-
-        Bolt::Util.validate_file('inventory file', context[:config].project.inventory_file)
-
-        begin
-          # Set the default puppet_library plugin hook if it has not already been
-          # set
-          context[:config].data['plugin-hooks']['puppet_library'] ||= {
-            'plugin'     => 'task',
-            'task'       => 'puppet_agent::install',
-            'parameters' => {
-              'stop_service' => true
-            }
-          }
-
-          connect_plugin = BoltServer::Plugin::PuppetConnectData.new(body['puppet_connect_data'])
-          plugins = Bolt::Plugin.new(context[:config], context[:pal], load_plugins: false)
-          plugins.add_plugin(connect_plugin)
-          %w[aws_inventory azure_inventory gcloud_inventory].each do |plugin_name|
-            plugins.add_module_plugin(plugin_name) if plugins.known_plugin?(plugin_name)
-          end
-          inventory = Bolt::Inventory.from_config(context[:config], plugins)
-          target_list = inventory.get_targets('all').map do |targ|
-            targ.to_h.merge({ 'transport' => targ.transport, 'plugin_hooks' => targ.plugin_hooks })
-          end
-        rescue Bolt::Plugin::PluginError::LoadingDisabled => e
-          msg = "Cannot load plugin #{e.details['plugin_name']}: plugin not supported"
-          raise BoltServer::Plugin::PluginNotSupported.new(msg, e.details['plugin_name'])
-        end
-
-        [200, target_list.to_json]
-      end
-    end
-
     # Returns the base64 encoded tar archive of plugin code that is needed to calculate
     # custom facts
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 3.26.1
+  version: 3.27.1
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-08-16 00:00:00.000000000 Z
+date: 2023-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -59,6 +59,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -66,6 +69,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
@@ -165,7 +171,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -175,7 +181,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: net-ssh-krb
   requirement: !ruby/object:Gem::Requirement
@@ -256,16 +262,22 @@ dependencies:
   name: puppet-strings
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: r10k
   requirement: !ruby/object:Gem::Requirement
@@ -368,16 +380,16 @@ dependencies:
   name: puppetlabs_spec_helper
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -503,6 +515,7 @@ files:
 - lib/bolt/config/options.rb
 - lib/bolt/config/transport/base.rb
 - lib/bolt/config/transport/docker.rb
+- lib/bolt/config/transport/jail.rb
 - lib/bolt/config/transport/local.rb
 - lib/bolt/config/transport/lxd.rb
 - lib/bolt/config/transport/options.rb
@@ -600,6 +613,8 @@ files:
 - lib/bolt/transport/base.rb
 - lib/bolt/transport/docker.rb
 - lib/bolt/transport/docker/connection.rb
+- lib/bolt/transport/jail.rb
+- lib/bolt/transport/jail/connection.rb
 - lib/bolt/transport/local.rb
 - lib/bolt/transport/local/connection.rb
 - lib/bolt/transport/lxd.rb
@@ -634,7 +649,6 @@ files:
 - lib/bolt_server/schemas/action-run_script.json
 - lib/bolt_server/schemas/action-run_task.json
 - lib/bolt_server/schemas/action-upload_file.json
-- lib/bolt_server/schemas/connect-data.json
 - lib/bolt_server/schemas/partials/target-any.json
 - lib/bolt_server/schemas/partials/target-ssh.json
 - lib/bolt_server/schemas/partials/target-winrm.json
@@ -690,7 +704,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Execute commands remotely over SSH and WinRM

data/lib/bolt_server/schemas/connect-data.json

@@ -1,25 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "title": "project_inventory_targets connect plugin data",
-  "description": "POST project_inventory_targets connect plugin data",
-  "type": "object",
-  "properties": {
-    "puppet_connect_data": {
-      "type": "object",
-      "patternProperties": {
-        ".*": {
-          "type": "object",
-          "properties": {
-            "value": {}
-          },
-          "required": ["value"]
-        }
-      },
-      "additionalProperties": false
-    },
-    "versioned_project": {
-      "type": "string"
-    }
-  },
-  "required": ["puppet_connect_data", "versioned_project"]
-}