bolt 3.5.0 → 3.8.0

data/lib/bolt/outputter/json.rb

@@ -83,6 +83,10 @@ module Bolt
         @stream.puts result.to_json
       end
 
+      def print_result_set(result_set)
+        @stream.puts result_set.to_json
+      end
+
       def print_topics(topics)
         print_table('topics' => topics)
       end
@@ -100,12 +104,12 @@ module Bolt
                        moduledir: moduledir.to_s }.to_json)
       end
 
-      def print_targets(target_list, inventoryfile)
+      def print_targets(target_list, inventory_source, default_inventory, _target_flag)
         @stream.puts ::JSON.pretty_generate(
           inventory: {
             targets: target_list[:inventory].map(&:name),
             count: target_list[:inventory].count,
-            file: inventoryfile.to_s
+            file: (inventory_source || default_inventory).to_s
           },
           adhoc: {
             targets: target_list[:adhoc].map(&:name),
@@ -116,14 +120,16 @@ module Bolt
         )
       end
 
-      def print_target_info(targets)
+      def print_target_info(target_list, _inventory_source, _default_inventory, _target_flag)
+        targets = target_list.values.flatten
+
         @stream.puts ::JSON.pretty_generate(
           targets: targets.map(&:detail),
           count: targets.count
         )
       end
 
-      def print_groups(groups)
+      def print_groups(groups, _inventory_source, _default_inventory)
         count = groups.count
         @stream.puts({ groups: groups,
                        count: count }.to_json)

data/lib/bolt/pal.rb

@@ -615,5 +615,50 @@ module Bolt
     rescue Bolt::Error => e
       Bolt::PlanResult.new(e, 'failure')
     end
+
+    def lookup(key, targets, inventory, executor, _concurrency)
+      # Install the puppet-agent package and collect facts. Facts are
+      # automatically added to the targets.
+      in_plan_compiler(executor, inventory, nil) do |compiler|
+        compiler.call_function('apply_prep', targets)
+      end
+
+      overrides = {
+        bolt_inventory: inventory,
+        bolt_project:   @project
+      }
+
+      # Do a lookup with a catalog compiler, which uses the 'hierarchy' key in
+      # Hiera config.
+      results = targets.map do |target|
+        node = Puppet::Node.from_data_hash(
+          'name'       => target.name,
+          'parameters' => { 'clientcert' => target.name }
+        )
+
+        trusted = Puppet::Context::TrustedInformation.local(node).to_h
+
+        env_conf = {
+          modulepath: @modulepath.full_modulepath,
+          facts:      target.facts,
+          variables:  target.vars
+        }
+
+        with_puppet_settings do
+          Puppet::Pal.in_tmp_environment(target.name, **env_conf) do |pal|
+            Puppet.override(overrides) do
+              Puppet.lookup(:pal_current_node).trusted_data = trusted
+              pal.with_catalog_compiler do |compiler|
+                Bolt::Result.for_lookup(target, key, compiler.call_function('lookup', key))
+              rescue StandardError => e
+                Bolt::Result.from_exception(target, e)
+              end
+            end
+          end
+        end
+      end
+
+      Bolt::ResultSet.new(results)
+    end
   end
 end

data/lib/bolt/pal/yaml_plan/step.rb

@@ -122,9 +122,11 @@ module Bolt
               raise StepError.new("Parameters key must be a hash", body['name'], step_number)
             end
 
-            metaparams = option_keys.map { |key| "_#{key}" }
+            metaparams = body['parameters'].keys
+                                           .select { |key| key.start_with?('_') }
+                                           .map { |key| key.sub(/^_/, '') }
 
-            if (dups = body['parameters'].keys & metaparams).any?
+            if (dups = body.keys & metaparams).any?
               raise StepError.new(
                 "Cannot specify metaparameters when using top-level keys with same name: #{dups.join(', ')}",
                 body['name'],

data/lib/bolt/plan_creator.rb

@@ -36,8 +36,8 @@ module Bolt
       prefix, _, basename = segment_plan_name(plan_name)
 
       unless prefix == project.name
-        message = "First segment of plan name '#{plan_name}' must match project name '#{project.name}'. "\
-                  "Did you mean '#{project.name}::#{plan_name}'?"
+        message = "Incomplete plan name: A plan name must be prefixed with the name of the "\
+          "project or module. Did you mean '#{project.name}::#{plan_name}'?"
 
         raise Bolt::ValidationError, message
       end

data/lib/bolt/plugin.rb

@@ -178,8 +178,6 @@ module Bolt
     end
 
     def add_ruby_plugin(plugin_name)
-      raise PluginError::LoadingDisabled, plugin_name unless @load_plugins
-
       cls_name = Bolt::Util.snake_name_to_class_name(plugin_name)
       filename = "bolt/plugin/#{plugin_name}"
       require filename
@@ -203,8 +201,6 @@ module Bolt
       }
 
       mod = modules[plugin_name]
-      raise PluginError::Unknown, plugin_name unless mod&.plugin?
-      raise PluginError::LoadingDisabled, plugin_name unless @load_plugins
 
       plugin = Bolt::Plugin::Module.load(mod, opts)
       add_plugin(plugin)
@@ -224,6 +220,12 @@ module Bolt
       end
     end
 
+    def known_plugin?(plugin_name)
+      @plugins.include?(plugin_name) ||
+        RUBY_PLUGINS.include?(plugin_name) ||
+        (modules.include?(plugin_name) && modules[plugin_name].plugin?)
+    end
+
     def get_hook(plugin_name, hook)
       plugin = by_name(plugin_name)
       raise PluginError::Unknown, plugin_name unless plugin
@@ -235,16 +237,16 @@ module Bolt
 
     # Calling by_name or get_hook will load any module based plugin automatically
     def by_name(plugin_name)
-      return @plugins[plugin_name] if @plugins.include?(plugin_name)
-      begin
-        if RUBY_PLUGINS.include?(plugin_name)
+      if known_plugin?(plugin_name)
+        if @plugins.include?(plugin_name)
+          @plugins[plugin_name]
+        elsif !@load_plugins
+          raise PluginError::LoadingDisabled, plugin_name
+        elsif RUBY_PLUGINS.include?(plugin_name)
           add_ruby_plugin(plugin_name)
-        elsif !@unknown.include?(plugin_name)
+        else
           add_module_plugin(plugin_name)
         end
-      rescue PluginError::Unknown
-        @unknown << plugin_name
-        nil
       end
     end
 

data/lib/bolt/puppetdb/client.rb

@@ -95,6 +95,60 @@ module Bolt
         make_query(query, path)
       end
 
+      # Sends a command to PuppetDB using version 1 of the commands API.
+      # https://puppet.com/docs/puppetdb/latest/api/command/v1/commands.html
+      #
+      # @param command [String] The command to invoke.
+      # @param version [Integer] The version of the command to invoke.
+      # @param payload [Hash] The payload to send with the command.
+      # @return A UUID identifying the submitted command.
+      #
+      def send_command(command, version, payload)
+        command = command.dup.force_encoding('utf-8')
+        body    = JSON.generate(payload)
+
+        # PDB requires the following query parameters to the POST request.
+        # Error early if there's no certname, as PDB does not return a
+        # message indicating it's required.
+        unless payload['certname']
+          raise Bolt::Error.new(
+            "Payload must include 'certname', unable to invoke command.",
+            'bolt/pdb-command'
+          )
+        end
+
+        url = uri.tap do |u|
+          u.path         = 'pdb/cmd/v1'
+          u.query_values = { 'command'  => command,
+                             'version'  => version,
+                             'certname' => payload['certname'] }
+        end
+
+        # Send the command to PDB
+        begin
+          @logger.debug("Sending PuppetDB command '#{command}' to #{url}")
+          response = http_client.post(url.to_s, body: body, header: headers)
+        rescue StandardError => e
+          raise Bolt::PuppetDBFailoverError, "Failed to invoke PuppetDB command: #{e}"
+        end
+
+        @logger.debug("Got response code #{response.code} from PuppetDB")
+        if response.code != 200
+          raise Bolt::PuppetDBError, "Failed to invoke PuppetDB command: #{response.body}"
+        end
+
+        # Return the UUID string from the response body
+        begin
+          JSON.parse(response.body).fetch('uuid', nil)
+        rescue JSON::ParserError
+          raise Bolt::PuppetDBError, "Unable to parse response as JSON: #{response.body}"
+        end
+      rescue Bolt::PuppetDBFailoverError => e
+        @logger.error("Request to puppetdb at #{@current_url} failed with #{e}.")
+        reject_url
+        send_command(command, version, payload)
+      end
+
       def http_client
         return @http if @http
         # lazy-load expensive gem code

data/lib/bolt/result.rb

@@ -28,6 +28,11 @@ module Bolt
       %w[file line].zip(position).to_h.compact
     end
 
+    def self.for_lookup(target, key, value)
+      val = { 'value' => value }
+      new(target, value: val, action: 'lookup', object: key)
+    end
+
     def self.for_command(target, value, action, command, position)
       details = create_details(position)
       unless value['exit_code'] == 0

data/lib/bolt/shell/bash.rb

@@ -396,7 +396,12 @@ module Bolt
         # See if there's a sudo prompt
         if use_sudo
           ready_read = select([err], nil, nil, timeout * 5)
-          read_streams[err] << check_sudo(err, inp, options[:stdin]) if ready_read
+          to_print = check_sudo(err, inp, options[:stdin]) if ready_read
+          unless to_print.nil?
+            log_stream(to_print, 'err')
+            read_streams[err]           << to_print
+            result_output.merged_output << to_print
+          end
         end
 
         # True while the process is running or waiting for IO input
@@ -412,14 +417,7 @@ module Bolt
                        else
                          stream.readpartial(CHUNK_SIZE)
                        end
-
-            if !to_print.chomp.empty? && @stream_logger
-              formatted = to_print.lines.map do |msg|
-                "[#{@target.safe_name}] #{stream_name}: #{msg.chomp}"
-              end.join("\n")
-              @stream_logger.warn(formatted)
-            end
-
+            log_stream(to_print, stream_name)
             read_streams[stream]        << to_print
             result_output.merged_output << to_print
           rescue EOFError
@@ -458,7 +456,13 @@ module Bolt
         # Read any remaining data in the pipe. Do not wait for
         # EOF in case the pipe is inherited by a child process.
         read_streams.each do |stream, _|
-          loop { read_streams[stream] << stream.read_nonblock(CHUNK_SIZE) }
+          stream_name = stream == out ? 'out' : 'err'
+          loop {
+            to_print = stream.read_nonblock(CHUNK_SIZE)
+            log_stream(to_print, stream_name)
+            read_streams[stream]        << to_print
+            result_output.merged_output << to_print
+          }
         rescue Errno::EAGAIN, EOFError
         end
         result_output.stdout << read_streams[out]
@@ -489,6 +493,15 @@ module Bolt
       def sudo_prompt
         '[sudo] Bolt needs to run as another user, password: '
       end
+
+      private def log_stream(to_print, stream_name)
+        if !to_print.chomp.empty? && @stream_logger
+          formatted = to_print.lines.map do |msg|
+            "[#{@target.safe_name}] #{stream_name}: #{msg.chomp}"
+          end.join("\n")
+          @stream_logger.warn(formatted)
+        end
+      end
     end
   end
 end

data/lib/bolt/transport/docker.rb

@@ -2,7 +2,7 @@
 
 require 'json'
 require 'shellwords'
-require 'bolt/transport/base'
+require 'bolt/transport/simple'
 
 module Bolt
   module Transport

data/lib/bolt/transport/docker/connection.rb

@@ -34,6 +34,10 @@ module Bolt
           @container_info["Id"]
         end
 
+        def run_cmd(cmd, env_vars)
+          Bolt::Util.exec_docker(cmd, env_vars)
+        end
+
         private def env_hash
           # Set the DOCKER_HOST if we are using a non-default service-url
           @docker_host.nil? ? {} : { 'DOCKER_HOST' => @docker_host }
@@ -42,8 +46,8 @@ module Bolt
         def connect
           # We don't actually have a connection, but we do need to
           # check that the container exists and is running.
-          output = execute_local_json_command('ps')
-          index = output.find_index { |item| item["ID"] == target.host || item["Names"] == target.host }
+          output = execute_local_json_command('ps', ['--no-trunc'])
+          index = output.find_index { |item| item["ID"].start_with?(target.host) || item["Names"] == target.host }
           raise "Could not find a container with name or ID matching '#{target.host}'" if index.nil?
           # Now find the indepth container information
           output = execute_local_json_command('inspect', [output[index]["ID"]])
@@ -90,7 +94,7 @@ module Bolt
 
         def upload_file(source, destination)
           @logger.trace { "Uploading #{source} to #{destination}" }
-          _out, err, stat = Bolt::Util.exec_docker(['cp', source, "#{container_id}:#{destination}"], env_hash)
+          _out, err, stat = run_cmd(['cp', source, "#{container_id}:#{destination}"], env_hash)
           unless stat.exitstatus.zero?
             raise "Error writing to container #{container_id}: #{err}"
           end
@@ -104,7 +108,7 @@ module Bolt
           # copy the *contents* of the directory.
           # https://docs.docker.com/engine/reference/commandline/cp/
           FileUtils.mkdir_p(destination)
-          _out, err, stat = Bolt::Util.exec_docker(['cp', "#{container_id}:#{source}", destination], env_hash)
+          _out, err, stat = run_cmd(['cp', "#{container_id}:#{source}", destination], env_hash)
           unless stat.exitstatus.zero?
             raise "Error downloading content from container #{container_id}: #{err}"
           end
@@ -119,9 +123,9 @@ module Bolt
         # @param arguments [Array] Arguments to pass to the docker command
         #   e.g. 'src' and 'dest' for `docker cp <src> <dest>
         # @return [Object] Ruby object representation of the JSON string
-        private def execute_local_json_command(subcommand, arguments = [])
+        def execute_local_json_command(subcommand, arguments = [])
           cmd = [subcommand, '--format', '{{json .}}'].concat(arguments)
-          out, _err, _stat = Bolt::Util.exec_docker(cmd, env_hash)
+          out, _err, _stat = run_cmd(cmd, env_hash)
           extract_json(out)
         end
 

data/lib/bolt/transport/podman.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'shellwords'
+require 'bolt/transport/base'
+
+module Bolt
+  module Transport
+    class Podman < Docker
+      def with_connection(target)
+        conn = Connection.new(target)
+        conn.connect
+        yield conn
+      end
+    end
+  end
+end
+
+require 'bolt/transport/podman/connection'

data/lib/bolt/transport/podman/connection.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require 'logging'
+require 'bolt/node/errors'
+
+module Bolt
+  module Transport
+    class Podman < Docker
+      class Connection < Connection
+        attr_reader :user, :target
+
+        def initialize(target)
+          raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
+          @target = target
+          @user = ENV['USER'] || Etc.getlogin
+          @logger = Bolt::Logger.logger(target.safe_name)
+          @container_info = {}
+          @logger.trace("Initializing podman connection to #{target.safe_name}")
+        end
+
+        def run_cmd(cmd, env_vars)
+          Bolt::Util.exec_podman(cmd, env_vars)
+        end
+
+        def shell
+          @shell ||= if Bolt::Util.windows?
+                       Bolt::Shell::Powershell.new(target, self)
+                     else
+                       Bolt::Shell::Bash.new(target, self)
+                     end
+        end
+
+        def connect
+          # We don't actually have a connection, but we do need to
+          # check that the container exists and is running.
+          ps = execute_local_json_command('ps')
+          container = Array(ps).find { |item|
+            item["ID"].to_s.eql?(@target.host) ||
+              item["Id"].to_s.start_with?(@target.host) ||
+              Array(item["Names"]).include?(@target.host)
+          }
+          raise "Could not find a container with name or ID matching '#{@target.host}'" if container.nil?
+          # Now find the indepth container information
+          id = container["ID"] || container["Id"]
+          output = execute_local_json_command('inspect', [id])
+          # Store the container information for later
+          @container_info = output.first
+          @logger.trace { "Opened session" }
+          true
+        rescue StandardError => e
+          raise Bolt::Node::ConnectError.new(
+            "Failed to connect to #{target.safe_name}: #{e.message}",
+            'CONNECT_ERROR'
+          )
+        end
+
+        # Executes a command inside the target container. This is called from the shell class.
+        #
+        # @param command [string] The command to run
+        def execute(command)
+          args = []
+          args += %w[--interactive]
+          args += %w[--tty] if target.options['tty']
+          args += @env_vars if @env_vars
+
+          if target.options['shell-command'] && !target.options['shell-command'].empty?
+            # escape any double quotes in command
+            command = command.gsub('"', '\"')
+            command = "#{target.options['shell-command']} \"#{command}\""
+          end
+
+          podman_command = %w[podman exec] + args + [container_id] + Shellwords.split(command)
+          @logger.trace { "Executing: #{podman_command.join(' ')}" }
+
+          Open3.popen3(*podman_command)
+        rescue StandardError
+          @logger.trace { "Command aborted" }
+          raise
+        end
+
+        # Converts the JSON encoded STDOUT string from the podman cli into ruby objects
+        #
+        # @param stdout [String] The string to convert
+        # @return [Object] Ruby object representation of the JSON string
+        private def extract_json(stdout)
+          # Podman renders the output in pretty JSON, which results in a newline
+          # appearing in the output before the closing bracket.
+          # should we only get a single line with no newline at all, we also
+          # assume it is a single minified JSON object
+          stdout.strip!
+          newline = stdout.index("\n") || -1
+          bracket = stdout.index('}') || -1
+          JSON.parse(stdout) if bracket > newline
+        end
+      end
+    end
+  end
+end