bolt 1.26.0 → 1.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2431380225c5f60abf51caa85cfa1ee3aeadcf1ef494192e93bfb8f7e175d7f9
-  data.tar.gz: a49aa9489c0992bcaab219b54fe054dd3ef8d078231cf64ed7e039c8c580bb46
+  metadata.gz: ab9cf181769b6ca24ef2b29fc8179d3bf53dec09d017c4e611a2d164d4674dfb
+  data.tar.gz: ff29ec62872a9f46f9ab36a50369255ad0ab2de350bf7867719e4663ba623978
 SHA512:
-  metadata.gz: 2a28ce31a001a91307ce8e31cf4307a7eac3f5027143444eae22a49e406820e808bdffa668a9daad5b52bec76413af55a28c50b2aa439d4516951370d7f15210
-  data.tar.gz: fa64ecb34705bb81e728ce9067928bcde35b51630d672d8666d09766f941c26811466608f03927852061a5848135b7ee2d6725224770f0a743404a6e8840422f
+  metadata.gz: 4013b9347614f3c6959ed0c69ad9a6d3ed61e8cc557198b12e23bdaadc44b297724872b71fe55cdb9e43b37d7c7ccad9df7935ae52f926d2f83c7776d02a4949
+  data.tar.gz: 6190e0d6bc138a4a9da01d37d2771d089587da9279f14673bb22d45b3f87f27e621e281dfb2a0f8e67a38bb2d70342928952c500875febb76f7b8800750fd434

data/bolt-modules/out/lib/puppet/functions/out/message.rb

@@ -2,7 +2,8 @@
 
 # Output a message for the user.
 #
-# This will print a message to stdout when using the human output format.
+# This will print a message to stdout when using the human output format,
+# and print to stderr when using the json output format
 #
 # **NOTE:** Not available in apply block
 Puppet::Functions.create_function(:'out::message') do

data/lib/bolt/analytics.rb

@@ -21,7 +21,9 @@ module Bolt
       statement_count: :cd6,
       resource_mean: :cd7,
       plan_steps: :cd8,
-      return_type: :cd9
+      return_type: :cd9,
+      inventory_version: :cd10,
+      boltdir_type: :cd11
     }.freeze
 
     def self.build_client
@@ -74,7 +76,7 @@ module Bolt
         @user_id = user_id
         @executor = Concurrent.global_io_executor
         @os = compute_os
-        @bundled_content = []
+        @bundled_content = {}
       end
 
       def screen_view(screen, **kwargs)
@@ -92,6 +94,12 @@ module Bolt
         submit(base_params.merge(screen_view_params))
       end
 
+      def report_bundled_content(mode, name)
+        if bundled_content[mode.split.first]&.include?(name)
+          event('Bundled Content', mode, label: name)
+        end
+      end
+
       def event(category, action, label: nil, value: nil, **kwargs)
         custom_dimensions = Bolt::Util.walk_keys(kwargs) do |k|
           CUSTOM_DIMENSIONS[k] || raise("Unknown analytics key '#{k}'")
@@ -177,6 +185,8 @@ module Bolt
         @logger.debug "Skipping submission of '#{screen}' screenview because analytics is disabled"
       end
 
+      def report_bundled_content(mode, name); end
+
       def event(category, action, **_kwargs)
         @logger.debug "Skipping submission of '#{category} #{action}' event because analytics is disabled"
       end

data/lib/bolt/boltdir.rb

@@ -6,10 +6,10 @@ module Bolt
   class Boltdir
     BOLTDIR_NAME = 'Boltdir'
 
-    attr_reader :path, :config_file, :inventory_file, :modulepath, :hiera_config, :puppetfile, :rerunfile
+    attr_reader :path, :config_file, :inventory_file, :modulepath, :hiera_config, :puppetfile, :rerunfile, :type
 
     def self.default_boltdir
-      Boltdir.new(File.join('~', '.puppetlabs', 'bolt'))
+      Boltdir.new(File.join('~', '.puppetlabs', 'bolt'), 'user')
     end
 
     # Search recursively up the directory hierarchy for the Boltdir. Look for a
@@ -19,9 +19,9 @@ module Bolt
     def self.find_boltdir(dir)
       dir = Pathname.new(dir)
       if (dir + BOLTDIR_NAME).directory?
-        new(dir + BOLTDIR_NAME)
+        new(dir + BOLTDIR_NAME, 'embedded')
       elsif (dir + 'bolt.yaml').file?
-        new(dir)
+        new(dir, 'local')
       elsif dir.root?
         default_boltdir
       else
@@ -29,7 +29,7 @@ module Bolt
       end
     end
 
-    def initialize(path)
+    def initialize(path, type = 'option')
       @path = Pathname.new(path).expand_path
       @config_file = @path + 'bolt.yaml'
       @inventory_file = @path + 'inventory.yaml'
@@ -37,6 +37,7 @@ module Bolt
       @hiera_config = @path + 'hiera.yaml'
       @puppetfile = @path + 'Puppetfile'
       @rerunfile = @path + '.rerun.json'
+      @type = type
     end
 
     def to_s

data/lib/bolt/cli.rb

@@ -242,7 +242,7 @@ module Bolt
     end
 
     def plugins
-      @plugins ||= Bolt::Plugin.setup(config, puppetdb_client)
+      @plugins ||= Bolt::Plugin.setup(config, puppetdb_client, analytics)
     end
 
     def query_puppetdb_nodes(query)
@@ -264,9 +264,6 @@ module Bolt
         return 0
       end
 
-      @analytics = Bolt::Analytics.build_client
-      @analytics.bundled_content = bundled_content
-
       screen = "#{options[:subcommand]}_#{options[:action]}"
       # submit a different screen for `bolt task show` and `bolt task show foo`
       if options[:action] == 'show' && options[:object]
@@ -274,7 +271,8 @@ module Bolt
       end
 
       screen_view_fields = {
-        output_format: config.format
+        output_format: config.format,
+        boltdir_type: config.boltdir.type
       }
 
       # Only include target and inventory info for commands that take a targets
@@ -282,10 +280,11 @@ module Bolt
       if options.key?(:targets)
         screen_view_fields.merge!(target_nodes: options[:targets].count,
                                   inventory_nodes: inventory.node_names.count,
-                                  inventory_groups: inventory.group_names.count)
+                                  inventory_groups: inventory.group_names.count,
+                                  inventory_version: inventory.version)
       end
 
-      @analytics.screen_view(screen, screen_view_fields)
+      analytics.screen_view(screen, screen_view_fields)
 
       if options[:action] == 'show'
         if options[:subcommand] == 'task'
@@ -329,7 +328,7 @@ module Bolt
         end
         code = apply_manifest(options[:code], options[:targets], options[:object], options[:noop])
       else
-        executor = Bolt::Executor.new(config.concurrency, @analytics, options[:noop])
+        executor = Bolt::Executor.new(config.concurrency, analytics, options[:noop])
         targets = options[:targets]
 
         results = nil
@@ -380,7 +379,7 @@ module Bolt
     ensure
       # restore original signal handler
       Signal.trap :INT, handler if handler
-      @analytics&.finish
+      analytics&.finish
     end
 
     def show_task(task_name)
@@ -420,8 +419,14 @@ module Bolt
                        params: params }
       plan_context[:description] = options[:description] if options[:description]
 
-      executor = Bolt::Executor.new(config.concurrency, @analytics, options[:noop])
-      executor.subscribe(outputter) if options.fetch(:format, 'human') == 'human'
+      executor = Bolt::Executor.new(config.concurrency, analytics, options[:noop])
+      if options.fetch(:format, 'human') == 'human'
+        executor.subscribe(outputter)
+      else
+        # Only subscribe to out::message events for JSON outputter
+        executor.subscribe(outputter, [:message])
+      end
+
       executor.subscribe(log_outputter)
       executor.start_plan(plan_context)
       result = pal.run_plan(plan_name, plan_arguments, executor, inventory, puppetdb_client)
@@ -438,7 +443,7 @@ module Bolt
     def apply_manifest(code, targets, filename = nil, noop = false)
       ast = pal.parse_manifest(code, filename)
 
-      executor = Bolt::Executor.new(config.concurrency, @analytics, noop)
+      executor = Bolt::Executor.new(config.concurrency, analytics, noop)
       executor.subscribe(outputter) if options.fetch(:format, 'human') == 'human'
       executor.subscribe(log_outputter)
       # apply logging looks like plan logging, so tell the outputter we're in a
@@ -525,20 +530,30 @@ module Bolt
       @log_outputter ||= Bolt::Outputter::Logger.new(options[:verbose], config.trace)
     end
 
+    def analytics
+      @analytics ||= begin
+                       client = Bolt::Analytics.build_client
+                       client.bundled_content = bundled_content
+                       client
+                     end
+    end
+
     def bundled_content
       # We only need to enumerate bundled content when running a task or plan
+      content = { 'Plan' => [],
+                  'Task' => [],
+                  'Plugin' => %w[puppetdb pkcs7 prompt terraform task] }
       if %w[plan task].include?(options[:subcommand]) && options[:action] == 'run'
         default_content = Bolt::PAL.new([], nil)
-        plans = default_content.list_plans.each_with_object([]) do |iter, col|
+        content['Plan'] = default_content.list_plans.each_with_object([]) do |iter, col|
           col << iter&.first
         end
-        tasks = default_content.list_tasks.each_with_object([]) do |iter, col|
+        content['Task'] = default_content.list_tasks.each_with_object([]) do |iter, col|
           col << iter&.first
         end
-        plans.concat tasks
-      else
-        []
       end
+
+      content
     end
   end
 end

data/lib/bolt/config.rb

@@ -31,14 +31,14 @@ module Bolt
   end
 
   class Config
-    attr_accessor :concurrency, :format, :trace, :log, :puppetdb, :color, :save_rerun,
+    attr_accessor :aws, :concurrency, :format, :trace, :log, :puppetdb, :color, :save_rerun,
                   :transport, :transports, :inventoryfile, :compile_concurrency, :boltdir,
                   :puppetfile_config, :plugins
     attr_writer :modulepath
 
     TRANSPORT_OPTIONS = %i[password run-as sudo-password extensions
                            private-key tty tmpdir user connect-timeout
-                           cacert token-file service-url interpreters file-protocol smb-port].freeze
+                           cacert token-file service-url interpreters file-protocol smb-port realm].freeze
 
     PUPPETFILE_OPTIONS = %w[proxy forge].freeze
 
@@ -162,7 +162,7 @@ module Bolt
       # Plugins are only settable from config not inventory so we can overwrite
       @plugins = data['plugins'] if data.key?('plugins')
 
-      %w[concurrency format puppetdb color transport].each do |key|
+      %w[aws concurrency format puppetdb color transport].each do |key|
         send("#{key}=", data[key]) if data.key?(key)
       end
 

data/lib/bolt/executor.rb

@@ -40,7 +40,7 @@ module Bolt
                          end
       end
       @reported_transports = Set.new
-      @subscribers = Set.new
+      @subscribers = {}
       @publisher = Concurrent::SingleThreadExecutor.new
 
       @noop = noop
@@ -61,13 +61,16 @@ module Bolt
       impl.value
     end
 
-    def subscribe(subscriber)
-      @subscribers << subscriber
+    def subscribe(subscriber, types = nil)
+      @subscribers[subscriber] = types
       self
     end
 
     def publish_event(event)
-      @subscribers.each do |subscriber|
+      @subscribers.each do |subscriber, types|
+        # If types isn't set or if the subscriber is subscribed to
+        # that type of event, publish the event
+        next unless types.nil? || types.include?(event[:type])
         @publisher.post(subscriber) do |sub|
           sub.handle_event(event)
         end
@@ -186,9 +189,7 @@ module Bolt
     end
 
     def report_bundled_content(mode, name)
-      if @analytics.bundled_content&.include?(name)
-        @analytics&.event('Bundled Content', mode, label: name)
-      end
+      @analytics.report_bundled_content(mode, name)
     end
 
     def report_apply(statement_count, resource_counts)
@@ -245,7 +246,7 @@ module Bolt
         options = { '_run_as' => run_as }.merge(options) if run_as
 
         batch_execute(targets) do |transport, batch|
-          with_node_logging("Running script #{script} with '#{arguments}'", batch) do
+          with_node_logging("Running script #{script} with '#{arguments.to_json}'", batch) do
             transport.batch_script(batch, script, arguments, options, &method(:publish_event))
           end
         end
@@ -259,7 +260,7 @@ module Bolt
         arguments['_task'] = task.name
 
         batch_execute(targets) do |transport, batch|
-          with_node_logging("Running task #{task.name} with '#{arguments}'", batch) do
+          with_node_logging("Running task #{task.name} with '#{arguments.to_json}'", batch) do
             transport.batch_task(batch, task, arguments, options, &method(:publish_event))
           end
         end

data/lib/bolt/inventory.rb

@@ -90,6 +90,10 @@ module Bolt
       @groups.validate
     end
 
+    def version
+      1
+    end
+
     def collect_groups
       # Provide a lookup map for finding a group by name
       @group_lookup = @groups.collect_groups

data/lib/bolt/inventory/group2.rb

@@ -98,18 +98,27 @@ module Bolt
       def config_only_plugin(data)
         Bolt::Util.walk_vals(data) do |value|
           if value.is_a?(Hash) && value.include?('_plugin')
-            unless (plugin = @plugins.by_name(value['_plugin']))
-              raise ValidationError.new("Config lookup specifies an unknown plugin: #{value['_plugin'].inspect}", @name)
+            plugin_name = value['_plugin']
+            begin
+              hook = @plugins.get_hook(plugin_name, :inventory_config)
+            rescue Bolt::Plugin::PluginError => e
+              raise ValidationError.new(e.message, @name)
             end
-            unless plugin.hooks.include?('inventory_config')
-              raise ValidationError.new("#{plugin.name} does not support inventory_config.", @name)
+
+            begin
+              validate_proc = @plugins.get_hook(plugin_name, :validate_inventory_config)
+            rescue Bolt::Plugin::PluginError
+              validate_proc = proc { |*args| }
             end
-            plugin.validate_inventory_config(value) if plugin.respond_to?(:validate_inventory_config)
+
+            validate_proc.call(value)
+
             Concurrent::Delay.new do
               begin
-                plugin.inventory_config(value)
+                hook.call(value)
               rescue StandardError => e
-                raise Bolt::Plugin::PluginError.new(e.message, plugin, "inventory_targets in #{@name}")
+                loc = "inventory_config in #{@name}"
+                raise Bolt::Plugin::PluginError::ExecutionError.new(e.message, plugin_name, loc)
               end
             end
           else
@@ -200,17 +209,17 @@ module Bolt
       end
 
       def lookup_targets(lookup)
-        unless (plugin = @plugins.by_name(lookup['_plugin']))
-          raise ValidationError.new("Target lookup specifies an unknown plugin: '#{lookup['plugin']}'", @name)
-        end
-        unless plugin.hooks.include?('inventory_targets')
-          raise ValidationError.new("#{plugin.name} does not support inventory_targets.", @name)
+        begin
+          hook = @plugins.get_hook(lookup['_plugin'], :inventory_targets)
+        rescue Bolt::Plugin::PluginError => e
+          raise ValidationError.new(e.message, @name)
         end
 
         begin
-          targets = plugin.inventory_targets(lookup)
+          targets = hook.call(lookup)
         rescue StandardError => e
-          raise Bolt::Plugin::PluginError.new(e.message, plugin, "inventory_targets in #{@name}")
+          loc = "inventory_targets in #{@name}"
+          raise Bolt::Plugin::PluginError::ExecutionError.new(e.message, lookup['_plugin'], loc)
         end
 
         targets.each { |target| add_target(target) }

data/lib/bolt/inventory/inventory2.rb

@@ -30,6 +30,10 @@ module Bolt
         @groups.validate
       end
 
+      def version
+        2
+      end
+
       def collect_groups
         # Provide a lookup map for finding a group by name
         @group_lookup = @groups.collect_groups

data/lib/bolt/outputter/json.rb

@@ -21,6 +21,8 @@ module Bolt
         case event[:type]
         when :node_result
           print_result(event[:result])
+        when :message
+          print_message_event(event)
         end
       end
 
@@ -106,7 +108,13 @@ module Bolt
         @stream.puts '}' if @object_open
       end
 
-      def print_message(message); end
+      def print_message_event(event)
+        print_message(event[:message])
+      end
+
+      def print_message(message)
+        $stderr.puts(message)
+      end
     end
   end
 end

data/lib/bolt/plugin.rb

@@ -5,27 +5,45 @@ require 'bolt/plugin/terraform'
 require 'bolt/plugin/pkcs7'
 require 'bolt/plugin/prompt'
 require 'bolt/plugin/task'
+require 'bolt/plugin/aws'
 
 module Bolt
   class Plugin
     class PluginError < Bolt::Error
-      def initialize(msg, plugin, hook)
-        mess = "Error executing plugin: #{plugin.name} from #{hook}: #{msg}"
-        super(mess, 'bolt/plugin-error')
+      class ExecutionError < PluginError
+        def initialize(msg, plugin_name, location)
+          mess = "Error executing plugin: #{plugin_name} from #{location}: #{msg}"
+          super(mess, 'bolt/plugin-error')
+        end
+      end
+
+      class Unknown < PluginError
+        def initialize(plugin_name)
+          super("Unknown plugin: '#{plugin_name}'", 'bolt/unknown-plugin')
+        end
+      end
+
+      class UnsupportedHook < PluginError
+        def initialize(plugin_name, hook)
+          super("Plugin #{plugin_name} does not support #{hook}", 'bolt/unsupported-hook')
+        end
       end
     end
 
-    def self.setup(config, pdb_client)
-      plugins = new(config)
+    def self.setup(config, pdb_client, analytics)
+      plugins = new(config, analytics)
       plugins.add_plugin(Bolt::Plugin::Puppetdb.new(pdb_client))
       plugins.add_plugin(Bolt::Plugin::Terraform.new)
       plugins.add_plugin(Bolt::Plugin::Prompt.new)
       plugins.add_plugin(Bolt::Plugin::Pkcs7.new(config.boltdir.path, config.plugins['pkcs7'] || {}))
       plugins.add_plugin(Bolt::Plugin::Task.new(config))
+      plugins.add_plugin(Bolt::Plugin::Aws::EC2.new(config))
       plugins
     end
 
-    def initialize(_config)
+    def initialize(config, analytics)
+      @config = config
+      @analytics = analytics
       @plugins = {}
     end
 
@@ -33,8 +51,13 @@ module Bolt
       @plugins[plugin.name] = plugin
     end
 
-    def for_hook(hook)
-      @plugins.filter { |_n, plug| plug.hooks.include? hook }
+    def get_hook(plugin_name, hook)
+      plugin = by_name(plugin_name)
+      raise PluginError::Unknown, plugin_name unless plugin
+      raise PluginError::UnsupportedHook.new(plugin_name, hook) unless plugin.respond_to?(hook)
+      @analytics.report_bundled_content("Plugin #{hook}", plugin_name)
+
+      plugin.method(hook)
     end
 
     def by_name(plugin_name)

data/lib/bolt/plugin/aws.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Bolt
+  class Plugin
+    class Aws
+      class EC2
+        attr_accessor :client
+        attr_reader :config
+
+        def initialize(config)
+          require 'aws-sdk-ec2'
+          @config = config
+          @logger = Logging.logger[self]
+        end
+
+        def name
+          'aws::ec2'
+        end
+
+        def hooks
+          %w[inventory_targets]
+        end
+
+        def config_client(opts)
+          return client if client
+
+          options = {}
+
+          if opts.key?('region')
+            options[:region] = opts['region']
+          end
+          if opts.key?('profile')
+            options[:profile] = opts['profile']
+          end
+          if config.aws&.key?('credentials')
+            creds = File.expand_path(config.aws['credentials'])
+            if File.exist?(creds)
+              options[:credentials] = ::Aws::SharedCredentials.new(path: creds)
+            else
+              raise Bolt::ValidationError, "Cannot load credentials file #{config.aws['credentials']}"
+            end
+          end
+
+          ::Aws::EC2::Client.new(options)
+        end
+
+        def inventory_targets(opts)
+          client = config_client(opts)
+          resource = ::Aws::EC2::Resource.new(client: client)
+
+          # Retrieve a list of EC2 instances and create a list of targets
+          # Note: It doesn't seem possible to filter stubbed responses...
+          resource.instances(filters: opts['filters']).map do |instance|
+            next unless instance.state.name == 'running'
+            target = {}
+
+            if opts.key?('uri')
+              uri = lookup(instance, opts['uri'])
+              target['uri'] = uri if uri
+            end
+            if opts.key?('name')
+              real_name = lookup(instance, opts['name'])
+              target['name'] = real_name if real_name
+            end
+            if opts.key?('config')
+              target['config'] = resolve_config(instance, opts['config'])
+            end
+
+            target if target['uri'] || target['name']
+          end.compact
+        end
+
+        # Look for an instance attribute specified in the inventory file
+        def lookup(instance, attribute)
+          value = instance.data.respond_to?(attribute) ? instance.data[attribute] : nil
+          unless value
+            warn_missing_attribute(instance, attribute)
+          end
+          value
+        end
+
+        def warn_missing_attribute(instance, attribute)
+          @logger.warn("Could not find attribute #{attribute} of instance #{instance.instance_id}")
+        end
+
+        # Walk the "template" config mapping provided in the plugin config and
+        # replace all values with the corresponding value from the resource
+        # parameters.
+        def resolve_config(name, config_template)
+          Bolt::Util.walk_vals(config_template) do |value|
+            if value.is_a?(String)
+              lookup(name, value)
+            else
+              value
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/secret.rb

@@ -3,14 +3,15 @@
 module Bolt
   class Secret
     def self.execute(plugins, outputter, options)
-      enc = plugins.by_name('pkcs7')
       case options[:action]
       when 'createkeys'
-        enc.secret_createkeys
+        plugins.get_hook('pkcs7', :secret_createkeys).call
       when 'encrypt'
-        outputter.print_message(enc.secret_encrypt('plaintext-value' => options[:object]))
+        encrypted = plugins.get_hook('pkcs7', :secret_encrypt).call('plaintext-value' => options[:object])
+        outputter.print_message(encrypted)
       when 'decrypt'
-        outputter.print_message(enc.secret_decrypt('encrypted-value' => options[:object]))
+        decrypted = plugins.get_hook('pkcs7', :secret_decrypt).call('encrypted-value' => options[:object])
+        outputter.print_message(decrypted)
       end
 
       0

data/lib/bolt/transport/local_windows.rb

@@ -101,7 +101,7 @@ module Bolt
       def run_script(target, script, arguments, options = {})
         self.class.validate(options)
         with_tmpscript(File.absolute_path(script), target.options['tmpdir']) do |file, dir|
-          logger.debug "Running '#{file}' with #{arguments}"
+          logger.debug "Running '#{file}' with #{arguments.to_json}"
 
           # unpack any Sensitive data AFTER we log
           arguments = unwrap_sensitive_args(arguments)
@@ -152,7 +152,7 @@ module Bolt
           interpreter = select_interpreter(script, target.options['interpreters'])
           interpreter_debug = interpreter ? " using '#{interpreter}' interpreter" : nil
           # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
-          logger.debug("Running '#{script}' with #{arguments}#{interpreter_debug}")
+          logger.debug("Running '#{script}' with #{arguments.to_json}#{interpreter_debug}")
           unwrapped_arguments = unwrap_sensitive_args(arguments)
 
           stdin = STDIN_METHODS.include?(input_method) ? JSON.dump(unwrapped_arguments) : nil

data/lib/bolt/transport/sudoable.rb

@@ -91,7 +91,7 @@ module Bolt
                                   " using '#{execute_options[:interpreter]}' interpreter"
                                 end
             # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
-            logger.debug("Running '#{executable}' with #{arguments}#{interpreter_debug}")
+            logger.debug("Running '#{executable}' with #{arguments.to_json}#{interpreter_debug}")
             # unpack any Sensitive data
             arguments = unwrap_sensitive_args(arguments)
 

data/lib/bolt/transport/winrm.rb

@@ -10,7 +10,7 @@ module Bolt
       def self.options
         %w[
           host port user password connect-timeout ssl ssl-verify tmpdir
-          cacert extensions interpreters file-protocol smb-port
+          cacert extensions interpreters file-protocol smb-port realm
         ]
       end
 

data/lib/bolt/transport/winrm/connection.rb

@@ -38,13 +38,17 @@ module Bolt
             scheme = 'http'
             transport = :negotiate
           end
+
+          transport = :kerberos if target.options['realm']
           endpoint = "#{scheme}://#{target.host}:#{@port}/wsman"
           options = { endpoint: endpoint,
-                      user: @user,
-                      password: target.password,
+                      # https://github.com/WinRb/WinRM/issues/270
+                      user: target.options['realm'] ? 'dummy' : @user,
+                      password: target.options['realm'] ? 'dummy' : target.password,
                       retry_limit: 1,
                       transport: transport,
                       ca_trust_path: target.options['cacert'],
+                      realm: target.options['realm'],
                       no_ssl_peer_verification: !target.options['ssl-verify'] }
 
           Timeout.timeout(target.options['connect-timeout']) do

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '1.26.0'
+  VERSION = '1.27.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 1.26.0
+  version: 1.27.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-07-09 00:00:00.000000000 Z
+date: 2019-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ec2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: CFPropertyList
   requirement: !ruby/object:Gem::Requirement
@@ -396,6 +410,7 @@ files:
 - lib/bolt/pal/yaml_plan/transpiler.rb
 - lib/bolt/plan_result.rb
 - lib/bolt/plugin.rb
+- lib/bolt/plugin/aws.rb
 - lib/bolt/plugin/pkcs7.rb
 - lib/bolt/plugin/prompt.rb
 - lib/bolt/plugin/puppetdb.rb