bolt 2.26.0 → 2.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 195c9ad94788e4811c9a90accb11515fc707346106827e15ef71995b016efbcc
-  data.tar.gz: 7259f2a7b9af58dab4b4f8224360fe8f1570e042c43b6becb183a0dd1257d91e
+  metadata.gz: 851cd71cf3bbdd91a522f123db238205ca21875c7d1c9bf1eefe4850399ffb5d
+  data.tar.gz: 4ec2ca689f05d37ccbc1cd3962edae53dfcda79c0a58facd9a2f228af5df914c
 SHA512:
-  metadata.gz: 2092172d760e7a806e865a3a1315ec2687cff1835b8b44addec9de208711a16be2193ff570a9cae65a620b6d9203575ccb64c2798c71509dd2fc1a0d41ca3399
-  data.tar.gz: 77828dd923626abe08c0bbf8ef0f30175462aab55a8584127359dde412f37b17d7cd952a4bd1be2ce115f47db4f8d6f4269eb455f063ff01ee1297a4637c03c8
+  metadata.gz: 3d595d36833a70860c7c997fff4cc55ce682dd3b3b9c4fc5e7b36067cbb73a665e65d473097993963f8409eb5a06a25b5b834de9dff6f42ad8e244972ab0ac4e
+  data.tar.gz: d136cd117711e3a103480b7cae52661e8ad3beef5023552f3bbaa8235e8f795410e13a1955290c7313fb6f7fced1485b275b8430a0d5c81297e11e1ff911f458

data/lib/bolt/analytics.rb

@@ -93,6 +93,10 @@ module Bolt
     def self.write_config(filename, config)
       FileUtils.mkdir_p(File.dirname(filename))
       File.write(filename, config.to_yaml)
+    rescue StandardError => e
+      Bolt::Logger.warn_once('unwriteable_file', "Could not write analytics configuration to #{filename}.")
+      # This will get caught by build_client and create a NoopClient
+      raise e
     end
 
     class Client

data/lib/bolt/applicator.rb

@@ -75,23 +75,24 @@ module Bolt
       end
     end
 
-    def compile(target, catalog_input)
+    def compile(target, scope)
       # This simplified Puppet node object is what .local uses to determine the
       # certname of the target
       node = Puppet::Node.from_data_hash('name' => target.name,
                                          'parameters' => { 'clientcert' => target.name })
       trusted = Puppet::Context::TrustedInformation.local(node)
-      catalog_input[:target] = {
+      target_data = {
         name: target.name,
         facts: @inventory.facts(target).merge('bolt' => true),
         variables: @inventory.vars(target),
         trusted: trusted.to_h
       }
+      catalog_request = scope.merge(target: target_data)
 
       bolt_catalog_exe = File.join(libexec, 'bolt_catalog')
       old_path = ENV['PATH']
       ENV['PATH'] = "#{RbConfig::CONFIG['bindir']}#{File::PATH_SEPARATOR}#{old_path}"
-      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_input.to_json)
+      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_request.to_json)
       ENV['PATH'] = old_path
 
       # If bolt_catalog does not return valid JSON, we should print stderr to
@@ -192,7 +193,7 @@ module Bolt
         plan_vars: plan_vars,
         # This data isn't available on the target config hash
         config: @inventory.transport_data_get
-      }
+      }.freeze
       description = options[:description] || 'apply catalog'
 
       required_modules = options[:required_modules].nil? ? nil : Array(options[:required_modules])

data/lib/bolt/bolt_option_parser.rb

@@ -64,6 +64,15 @@ module Bolt
       when 'guide'
         { flags: OPTIONS[:global] + %w[format],
           banner: GUIDE_HELP }
+      when 'module'
+        case action
+        when 'install'
+          { flags: OPTIONS[:global] + %w[configfile force project],
+            banner: MODULE_INSTALL_HELP }
+        else
+          { flags: OPTIONS[:global],
+            banner: MODULE_HELP }
+        end
       when 'plan'
         case action
         when 'convert'
@@ -341,6 +350,35 @@ module Bolt
           Show the list of targets an action would run on.
     HELP
 
+    MODULE_HELP = <<~HELP
+      NAME
+          module
+      
+      USAGE
+          bolt module <action> [options]
+
+      DESCRIPTION
+          Install the project's modules
+
+      ACTIONS
+          install       Install the project's modules
+    HELP
+
+    MODULE_INSTALL_HELP = <<~HELP
+      NAME
+          install
+      
+      USAGE
+          bolt module install [options]
+
+      DESCRIPTION
+          Install the project's modules.
+
+          Module declarations are loaded from the project's configuration
+          file. Bolt will automatically resolve all module dependencies,
+          generate a Puppetfile, and install the modules.
+    HELP
+
     PLAN_HELP = <<~HELP
       NAME
           plan
@@ -828,7 +866,7 @@ module Bolt
              "This option is experimental.") do |exec|
         @options[:'copy-command'] = exec
       end
-      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout (defaults vary)') do |timeout|
+      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout in seconds (defaults vary)') do |timeout|
         @options[:'connect-timeout'] = timeout
       end
       define('--[no-]tty', 'Request a pseudo TTY on targets that support it') do |tty|
@@ -864,9 +902,9 @@ module Bolt
       define('--modules MODULES',
              'A comma-separated list of modules to install from the Puppet Forge',
              'when initializing a project. Resolves and installs all dependencies.') do |modules|
-        @options[:modules] = modules.split(',')
+        @options[:modules] = modules.split(',').map { |mod| { 'name' => mod } }
       end
-      define('--force', 'Overwrite existing key pairs') do |_force|
+      define('--force', 'Force a destructive action') do |_force|
         @options[:force] = true
       end
 

data/lib/bolt/cli.rb

@@ -40,7 +40,8 @@ module Bolt
                  'group' => %w[show],
                  'project' => %w[init migrate],
                  'apply' => %w[],
-                 'guide' => %w[] }.freeze
+                 'guide' => %w[],
+                 'module' => %w[install] }.freeze
 
     attr_reader :config, :options
 
@@ -210,10 +211,14 @@ module Bolt
     end
 
     def validate(options)
-      unless COMMANDS.include?(options[:subcommand])
+      # Disables the 'module' subcommand unless the module feature flag is set.
+      commands = COMMANDS.dup
+      commands.delete('module') unless ENV['BOLT_MODULE_FEATURE']
+
+      unless commands.include?(options[:subcommand])
         raise Bolt::CLIError,
               "Expected subcommand '#{options[:subcommand]}' to be one of " \
-              "#{COMMANDS.keys.join(', ')}"
+              "#{commands.keys.join(', ')}"
       end
 
       actions = COMMANDS[options[:subcommand]]
@@ -353,7 +358,7 @@ module Bolt
       # Initialize inventory and targets. Errors here are better to catch early.
       # options[:target_args] will contain a string/array version of the targetting options this is passed to plans
       # options[:targets] will contain a resolved set of Target objects
-      unless %w[project puppetfile secret guide].include?(options[:subcommand]) ||
+      unless %w[guide module project puppetfile secret].include?(options[:subcommand]) ||
              %w[convert new show].include?(options[:action])
         update_targets(options)
       end
@@ -443,12 +448,17 @@ module Bolt
         when 'run'
           code = run_plan(options[:object], options[:task_options], options[:target_args], options)
         end
+      when 'module'
+        case options[:action]
+        when 'install'
+          code = install_project_modules
+        end
       when 'puppetfile'
         case options[:action]
         when 'generate-types'
           code = generate_types
         when 'install'
-          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath)
+          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath.first)
         end
       when 'secret'
         code = Bolt::Secret.execute(plugins, outputter, options)
@@ -798,36 +808,38 @@ module Bolt
       old_config = project + 'bolt.yaml'
       config     = project + 'bolt-project.yaml'
       puppetfile = project + 'Puppetfile'
-      modulepath = [project + 'modules']
+      moduledir  = project + 'modules'
+
+      # Warn the user if the project directory already exists. We don't error
+      # here since users might not have installed any modules yet. If both
+      # bolt.yaml and bolt-project.yaml exist, this will just warn about
+      # bolt-project.yaml and subsequent Bolt actions will warn about both files
+      # existing.
+      if config.exist?
+        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
+      elsif old_config.exist?
+        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
+                    "#{old_config.basename} is deprecated, please rename to #{config.basename}."
+      end
 
-      # If modules were specified, first check if there is already a Puppetfile at the project
-      # directory, erroring if there is. If there is no Puppetfile, generate the Puppetfile
-      # content by resolving the specified modules and all their dependencies.
-      # We generate the Puppetfile first so that any errors in resolving modules and their
-      # dependencies are caught early and do not create a project directory.
+      # If modules were specified, first check if there is already a Puppetfile
+      # at the project directory, erroring if there is. If there is no
+      # Puppetfile, install the specified modules. The module installer will
+      # resolve dependencies, generate a Puppetfile, and install the modules.
       if options[:modules]
         if puppetfile.exist?
           raise Bolt::CLIError,
-                "Found existing Puppetfile at #{puppetfile}, unable to initialize project with "\
-                "#{options[:modules].join(', ')}"
-        else
-          puppetfile_specs = resolve_puppetfile_specs
+                "Found existing Puppetfile at #{puppetfile}, unable to initialize "\
+                "project with modules."
         end
+
+        install_modules(puppetfile, {}, moduledir, options[:modules])
       end
 
-      # Warn the user if the project directory already exists. We don't error here since users
-      # might not have installed any modules yet.
-      # If both bolt.yaml and bolt-project.yaml exist, this will just warn
-      # about bolt-project.yaml and subsequent Bolt actions will warn about
-      # both files existing
-      if config.exist?
-        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
-      # This won't get called if bolt-project.yaml exists
-      elsif old_config.exist?
-        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
-          "#{old_config.basename} is deprecated, please rename to #{config.basename}."
-      # Bless the project directory as a...wait for it...project
-      else
+      # If either bolt.yaml or bolt-project.yaml exist, the user has already
+      # been warned and we can just finish project creation. Otherwise, create a
+      # bolt-project.yaml with the project name in it.
+      unless config.exist? || old_config.exist?
         begin
           content = { 'name' => name }
           File.write(config.to_path, content.to_yaml)
@@ -837,109 +849,82 @@ module Bolt
         end
       end
 
-      # Write the generated Puppetfile to the fancy new project
-      if puppetfile_specs
-        File.write(puppetfile, puppetfile_specs.join("\n"))
-        outputter.print_message "Successfully created Puppetfile at #{puppetfile}"
-        # Install the modules from our shiny new Puppetfile
-        if install_puppetfile({}, puppetfile, modulepath)
-          outputter.print_message "Successfully installed #{options[:modules].join(', ')}"
-        else
-          raise Bolt::CLIError, "Could not install #{options[:modules].join(', ')}"
-        end
-      end
-
       0
     end
 
-    # Resolves Puppetfile specs from user-specified modules and dependencies resolved
-    # by the puppetfile-resolver gem.
-    def resolve_puppetfile_specs
-      require 'puppetfile-resolver'
-
-      # Build the document model from the module names, defaulting to the latest version of each module
-      model = PuppetfileResolver::Puppetfile::Document.new('')
-      options[:modules].each do |mod_name|
-        model.add_module(
-          PuppetfileResolver::Puppetfile::ForgeModule.new(mod_name).tap { |mod| mod.version = :latest }
-        )
-      end
-
-      # Make sure the Puppetfile model is valid
-      unless model.valid?
-        raise Bolt::ValidationError,
-              "Unable to resolve dependencies for #{options[:modules].join(', ')}"
+    # Installs modules declared in the project configuration file.
+    #
+    def install_project_modules
+      if config.project.modules.nil?
+        outputter.print_message "Project configuration file '#{config.project.project_file}' "\
+                                "does not specify any module dependencies. Nothing to do."
+        return 0
       end
 
-      # Create the resolver using the Puppetfile model. nil disables Puppet version restrictions.
-      resolver = PuppetfileResolver::Resolver.new(model, nil)
-
-      # Configure and resolve the dependency graph
-      result = resolver.resolve(
-        cache:                 nil,
-        ui:                    nil,
-        module_paths:          [],
-        allow_missing_modules: true
+      install_modules(
+        config.puppetfile,
+        config.puppetfile_config,
+        config.project.path + '.modules',
+        config.project.modules
       )
+    end
 
-      # Validate that the modules exist
-      missing_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::MissingModuleSpecification
-      end
-
-      if missing_graph.any?
-        titles = model.modules.each_with_object({}) do |mod, acc|
-          acc[mod.name] = mod.title
+    # Installs modules declared in the project configuration file.
+    #
+    def install_modules(puppetfile_path, config, moduledir, modules)
+      require 'bolt/puppetfile'
+      require 'bolt/puppetfile/installer'
+
+      puppetfile = Bolt::Puppetfile.new(modules)
+
+      # If the Puppetfile exists, check if it includes specs for each declared
+      # module, erroring if there are any missing. Otherwise, resolve the
+      # module dependencies and write a new Puppetfile. Users can forcibly
+      # overwrite an existing Puppetfile with the '--force' option.
+      if puppetfile_path.exist? && !options[:force]
+        outputter.print_message "Parsing existing Puppetfile at #{puppetfile_path}"
+        existing = Bolt::Puppetfile.parse(puppetfile_path)
+
+        unless existing.modules.superset? puppetfile.modules
+          missing_modules = puppetfile.modules - existing.modules
+
+          raise Bolt::Error.new(
+            "Puppetfile #{puppetfile_path} is missing specifications for modules: "\
+            "#{missing_modules.map(&:title).join(', ')}. This may not be a Puppetfile "\
+            "managed by Bolt. To forcibly overwrite the Puppetfile, run with the "\
+            "'--force' option.",
+            'bolt/missing-module-specs'
+          )
         end
-
-        names = titles.values_at(*missing_graph.keys)
-        plural = names.count == 1 ? '' : 's'
-
-        raise Bolt::ValidationError,
-              "Unknown module name#{plural} #{names.join(', ')}"
-      end
-
-      # Filter the dependency graph to only include module specifications
-      spec_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::ModuleSpecification
+      else
+        outputter.print_message "Resolving module dependencies, this may take a moment"
+        puppetfile.resolve
+        outputter.print_message "Writing Puppetfile at #{puppetfile_path}"
+        puppetfile.write(puppetfile_path, force: true)
       end
 
-      # Map specification models to a Puppetfile specification
-      spec_graph.values.map do |spec|
-        "mod '#{spec.owner}-#{spec.name}', '#{spec.version}'"
-      end
-    end
+      outputter.print_message "Syncing modules from #{puppetfile_path} to #{moduledir}"
+      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile_path, moduledir)
 
-    def install_puppetfile(config, puppetfile, modulepath)
-      require 'r10k/cli'
-      require 'bolt/r10k_log_proxy'
+      # Automatically generate types after installing modules.
+      pal.generate_types
 
-      if puppetfile.exist?
-        moduledir = modulepath.first.to_s
-        r10k_opts = {
-          root: puppetfile.dirname.to_s,
-          puppetfile: puppetfile.to_s,
-          moduledir: moduledir
-        }
+      outputter.print_puppetfile_result(ok, puppetfile_path, moduledir)
+      ok ? 0 : 1
+    end
 
-        settings = R10K::Settings.global_settings.evaluate(config)
-        R10K::Initializers::GlobalInitializer.new(settings).call
-        install_action = R10K::Action::Puppetfile::Install.new(r10k_opts, nil)
+    # Loads a Puppetfile and installs its modules.
+    #
+    def install_puppetfile(config, puppetfile, moduledir)
+      require 'bolt/puppetfile/installer'
 
-        # Override the r10k logger with a proxy to our own logger
-        R10K::Logging.instance_variable_set(:@outputter, Bolt::R10KLogProxy.new)
+      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile, moduledir)
 
-        ok = install_action.call
-        outputter.print_puppetfile_result(ok, puppetfile, moduledir)
-        # Automatically generate types after installing modules
-        pal.generate_types
+      # Automatically generate types after installing modules.
+      pal.generate_types
 
-        ok ? 0 : 1
-      else
-        raise Bolt::FileError.new("Could not find a Puppetfile at #{puppetfile}", puppetfile)
-      end
-    rescue R10K::Error => e
-      raise PuppetfileError, e
+      outputter.print_puppetfile_result(ok, puppetfile, moduledir)
+      ok ? 0 : 1
     end
 
     def pal

data/lib/bolt/config.rb

@@ -64,7 +64,7 @@ module Bolt
              end
 
       data = load_defaults(project).push(
-        filepath: project.config_file,
+        filepath: configfile,
         data: conf,
         logs: logs,
         deprecations: []
@@ -344,6 +344,14 @@ module Bolt
     end
 
     private def update_logs(logs)
+      begin
+        if logs['bolt-debug.log'] && logs['bolt-debug.log'] != 'disable'
+          FileUtils.touch(File.expand_path('bolt-debug.log', @project.path))
+        end
+      rescue StandardError
+        logs.delete('bolt-debug.log')
+      end
+
       logs.each_with_object({}) do |(key, val), acc|
         # Remove any disabled logs
         next if val == 'disable'

data/lib/bolt/config/options.rb

@@ -227,6 +227,24 @@ module Bolt
           _example: ["~/.puppetlabs/bolt/modules", "~/.puppetlabs/bolt/site-modules"],
           _default: ["project/modules", "project/site-modules", "project/site"]
         },
+        "modules" => {
+          description: "A list of module dependencies for the project. Each dependency is a map of data specifying "\
+                       "the module to install. To install the project's module dependencies, run the `bolt module "\
+                       "install` command.",
+          type: Array,
+          items: {
+            type: Hash,
+            required: ["name"],
+            properties: {
+              "name" => {
+                description: "The name of the module.",
+                type: String
+              }
+            }
+          },
+          _plugin: false,
+          _example: [{ "name" => "puppetlabs-mysql" }, { "name" => "puppetlabs-apache" }]
+        },
         "name" => {
           description: "The name of the Bolt project. When this option is configured, the project is considered a "\
                        "[Bolt project](experimental_features.md#bolt-projects), allowing Bolt to load content from "\
@@ -476,6 +494,7 @@ module Bolt
         inventoryfile
         log
         modulepath
+        modules
         name
         plans
         plugin_hooks

data/lib/bolt/pal.rb

@@ -141,6 +141,19 @@ module Bolt
       end
     end
 
+    def detect_project_conflict(project, environment)
+      return unless project && project.load_as_module?
+      # The environment modulepath has stripped out non-existent directories,
+      # so we don't need to check for them
+      modules = environment.modulepath.flat_map do |path|
+        Dir.children(path).select { |name| Puppet::Module.is_module_directory?(name, path) }
+      end
+      if modules.include?(project.name)
+        Bolt::Logger.warn_once("project shadows module",
+                               "The project '#{project.name}' shadows an existing module of the same name")
+      end
+    end
+
     # Runs a block in a PAL script compiler configured for Bolt.  Catches
     # exceptions thrown by the block and re-raises them ensuring they are
     # Bolt::Errors since the script compiler block will squash all exceptions.
@@ -151,6 +164,10 @@ module Bolt
         # Only load the project if it a) exists, b) has a name it can be loaded with
         Puppet.override(bolt_project: @project,
                         yaml_plan_instantiator: Bolt::PAL::YamlPlan::Loader) do
+          # Because this has the side effect of loading and caching the list
+          # of modules, it must happen *after* we have overridden
+          # bolt_project or the project will be ignored
+          detect_project_conflict(@project, Puppet.lookup(:environments).get('bolt'))
           pal.with_script_compiler(set_local_facts: false) do |compiler|
             alias_types(compiler)
             register_resource_types(Puppet.lookup(:loaders)) if @resource_types

data/lib/bolt/project.rb

@@ -50,6 +50,20 @@ module Bolt
     def self.create_project(path, type = 'option', logs = [])
       fullpath = Pathname.new(path).expand_path
 
+      if type == 'user'
+        begin
+          # This is already expanded if the type is user
+          FileUtils.mkdir_p(path)
+        rescue StandardError
+          logs << { warn: "Could not create default project at #{path}. Continuing without a writeable project. "\
+                    "Log and rerun files will not be written." }
+        end
+      end
+
+      if type == 'option' && !File.directory?(path)
+        raise Bolt::Error.new("Could not find project at #{path}", "bolt/project-error")
+      end
+
       if !Bolt::Util.windows? && type != 'environment' && fullpath.world_writable?
         raise Bolt::Error.new(
           "Project directory '#{fullpath}' is world-writable which poses a security risk. Set "\
@@ -149,6 +163,10 @@ module Bolt
       @data['plans']
     end
 
+    def modules
+      @data['modules']
+    end
+
     def validate
       if name
         if name !~ Bolt::Module::MODULE_NAME_REGEX
@@ -170,6 +188,23 @@ module Bolt
           raise Bolt::ValidationError, "'#{conf}' in bolt-project.yaml must be an array"
         end
       end
+
+      if @data['modules']
+        unless @data['modules'].is_a?(Array)
+          raise Bolt::ValidationError, "'modules' in bolt-project.yaml must be an array"
+        end
+
+        @data['modules'].each do |mod|
+          next if mod.is_a?(Hash)
+          raise Bolt::ValidationError, "Module declaration #{mod.inspect} must be a hash"
+        end
+
+        unknown_keys = data['modules'].flat_map(&:keys).uniq - ['name']
+        if unknown_keys.any?
+          @logs << { warn: "Module declarations in bolt-project.yaml only support a name key. Ignoring "\
+                           "unsupported keys: #{unknown_keys.join(', ')}." }
+        end
+      end
     end
 
     def check_deprecated_file

data/lib/bolt/puppetfile.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+require 'bolt/puppetfile/module'
+
+# This class manages the logical contents of a Puppetfile. It includes methods
+# for parsing a Puppetfile and its modules, resolving module dependencies,
+# and writing a Puppetfile.
+#
+module Bolt
+  class Puppetfile
+    attr_reader :modules
+
+    def initialize(modules = [])
+      @modules = Set.new
+      add_modules(modules)
+    end
+
+    # Loads a Puppetfile and parses its module specifications, returning a
+    # Bolt::Puppetfile object with the modules set.
+    #
+    def self.parse(path)
+      require 'puppetfile-resolver'
+      require 'puppetfile-resolver/puppetfile/parser/r10k_eval'
+
+      begin
+        parsed = ::PuppetfileResolver::Puppetfile::Parser::R10KEval.parse(File.read(path))
+      rescue StandardError => e
+        raise Bolt::Error.new(
+          "Unable to parse Puppetfile #{path}: #{e.message}",
+          'bolt/puppetfile-parsing'
+        )
+      end
+
+      unless parsed.valid?
+        raise Bolt::ValidationError,
+              "Unable to parse Puppetfile #{path}"
+      end
+
+      modules = parsed.modules.map do |mod|
+        Bolt::Puppetfile::Module.new(mod.owner, mod.name, mod.version)
+      end
+
+      new(modules)
+    end
+
+    # Writes a Puppetfile that includes specifications for each of the
+    # modules.
+    #
+    def write(path, force: false)
+      if File.exist?(path) && !force
+        raise Bolt::FileError.new(
+          "Cannot overwrite existing Puppetfile at #{path}. To forcibly overwrite, "\
+          "run with the '--force' option.",
+          path
+        )
+      end
+
+      File.open(path, 'w') do |file|
+        file.puts '# This Puppetfile is managed by Bolt. Do not edit.'
+        modules.each { |mod| file.puts mod.to_spec }
+        file.puts
+      end
+    rescue SystemCallError => e
+      raise Bolt::FileError.new(
+        "#{e.message}: unable to write Puppetfile.",
+        path
+      )
+    end
+
+    # Resolves module dependencies using the puppetfile-resolver library. The
+    # resolver will return a document model including all module dependencies
+    # and the latest version that can be installed for each. The document model
+    # is parsed and turned into a Set of Bolt::Puppetfile::Module objects.
+    #
+    def resolve
+      require 'puppetfile-resolver'
+
+      # Build the document model from the modules.
+      model = PuppetfileResolver::Puppetfile::Document.new('')
+
+      @modules.each do |mod|
+        model.add_module(
+          PuppetfileResolver::Puppetfile::ForgeModule.new(mod.title).tap do |tap|
+            tap.version = :latest
+          end
+        )
+      end
+
+      # Make sure the Puppetfile model is valid.
+      unless model.valid?
+        raise Bolt::ValidationError,
+              "Unable to resolve dependencies for modules: #{@modules.map(&:title).join(', ')}"
+      end
+
+      # Create the resolver using the Puppetfile model. nil disables Puppet
+      # version restrictions.
+      resolver = PuppetfileResolver::Resolver.new(model, nil)
+
+      # Configure and resolve the dependency graph, catching any errors
+      # raised by puppetfile-resolver and re-raising them as Bolt errors.
+      begin
+        result = resolver.resolve(
+          cache:                 nil,
+          ui:                    nil,
+          module_paths:          [],
+          allow_missing_modules: true
+        )
+      rescue StandardError => e
+        raise Bolt::Error.new(e.message, 'bolt/puppetfile-resolver-error')
+      end
+
+      # Validate that the modules exist.
+      missing_graph = result.specifications.select do |_name, spec|
+        spec.instance_of? PuppetfileResolver::Models::MissingModuleSpecification
+      end
+
+      if missing_graph.any?
+        titles = model.modules.each_with_object({}) do |mod, acc|
+          acc[mod.name] = mod.title
+        end
+
+        names = titles.values_at(*missing_graph.keys)
+        plural = names.count == 1 ? '' : 's'
+
+        raise Bolt::Error.new(
+          "Unknown module name#{plural} #{names.join(', ')}",
+          'bolt/unknown-modules'
+        )
+      end
+
+      # Filter the dependency graph to only include module specifications. This
+      # will only remove the Puppet version specification, which is not needed.
+      specs = result.specifications.select do |_name, spec|
+        spec.instance_of? PuppetfileResolver::Models::ModuleSpecification
+      end
+
+      @modules = specs.map do |_name, spec|
+        Bolt::Puppetfile::Module.new(spec.owner, spec.name, spec.version.to_s)
+      end.to_set
+    end
+
+    # Adds to the set of modules.
+    #
+    def add_modules(modules)
+      modules.each do |mod|
+        case mod
+        when Bolt::Puppetfile::Module
+          @modules << mod
+        when Hash
+          @modules << Bolt::Puppetfile::Module.from_hash(mod)
+        else
+          raise Bolt::ValidationError, "Module must be a Bolt::Puppetfile::Module or Hash."
+        end
+      end
+
+      @modules
+    end
+  end
+end

data/lib/bolt/puppetfile/installer.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'r10k/cli'
+require 'bolt/r10k_log_proxy'
+require 'bolt/error'
+
+# This class is used to install modules from a Puppetfile to a module directory.
+#
+module Bolt
+  class Puppetfile
+    class Installer
+      def initialize(config = {})
+        @config = config
+      end
+
+      def install(path, moduledir)
+        unless File.exist?(path)
+          raise Bolt::FileError.new(
+            "Could not find a Puppetfile at #{path}",
+            path
+          )
+        end
+
+        r10k_opts = {
+          root:       File.dirname(path),
+          puppetfile: path.to_s,
+          moduledir:  moduledir.to_s
+        }
+
+        settings = R10K::Settings.global_settings.evaluate(@config)
+        R10K::Initializers::GlobalInitializer.new(settings).call
+        install_action = R10K::Action::Puppetfile::Install.new(r10k_opts, nil)
+
+        # Override the r10k logger with a proxy to our own logger
+        R10K::Logging.instance_variable_set(:@outputter, Bolt::R10KLogProxy.new)
+
+        install_action.call
+      rescue R10K::Error => e
+        raise PuppetfileError, e
+      end
+    end
+  end
+end

data/lib/bolt/puppetfile/module.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# This class represents a module specification. It used by the Bolt::Puppetfile
+# class to have a consistent API for accessing a module's attributes.
+#
+module Bolt
+  class Puppetfile
+    class Module
+      attr_reader :owner, :name, :version
+
+      def initialize(owner, name, version = nil)
+        @owner   = owner
+        @name    = name
+        @version = version
+      end
+
+      # Creates a new module from a hash.
+      #
+      def self.from_hash(mod)
+        unless mod['name'].is_a?(String)
+          raise Bolt::ValidationError,
+                "Module name must be a String, not #{mod['name'].inspect}"
+        end
+
+        owner, name = mod['name'].tr('/', '-').split('-', 2)
+
+        unless owner && name
+          raise Bolt::ValidationError, "Module name #{mod['name']} must include both the owner and module name."
+        end
+
+        new(owner, name)
+      end
+
+      # Returns the module's title.
+      #
+      def title
+        "#{@owner}-#{@name}"
+      end
+
+      # Checks two modules for equality.
+      #
+      def eql?(other)
+        self.class == other.class && @owner == other.owner && @name == other.name
+      end
+      alias == eql?
+
+      # Hashes the module.
+      #
+      def hash
+        [@owner, @name].hash
+      end
+
+      # Returns the Puppetfile specification for the module.
+      #
+      def to_spec
+        if @version
+          "mod #{title.inspect}, #{@version.inspect}"
+        else
+          "mod #{title.inspect}"
+        end
+      end
+    end
+  end
+end

data/lib/bolt/rerun.rb

@@ -53,7 +53,7 @@ module Bolt
         end
       end
     rescue StandardError => e
-      @logger.warn("Failed to save result to #{@path}: #{e.message}")
+      Bolt::Logger.warn_once('unwriteable_file', "Failed to save result to #{@path}: #{e.message}")
     end
   end
 end

data/lib/bolt/result.rb

@@ -66,9 +66,24 @@ module Bolt
                             'details' => { 'exit_code' => exit_code } }
       end
 
+      if value.key?('_error')
+        unless value['_error'].is_a?(Hash) && value['_error'].key?('msg')
+          value['_error'] = {
+            'msg'     => "Invalid error returned from task #{task}: #{value['_error'].inspect}. Error "\
+                         "must be an object with a msg key.",
+            'kind'    => 'bolt/invalid-task-error',
+            'details' => { 'original_error' => value['_error'] }
+          }
+        end
+
+        value['_error']['kind']    ||= 'bolt/error'
+        value['_error']['details'] ||= {}
+      end
+
       if value.key?('_sensitive')
         value['_sensitive'] = Puppet::Pops::Types::PSensitiveType::Sensitive.new(value['_sensitive'])
       end
+
       new(target, value: value, action: 'task', object: task)
     end
 

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '2.26.0'
+  VERSION = '2.27.0'
 end

data/lib/bolt_server/base_config.rb

@@ -7,7 +7,7 @@ module BoltServer
   class BaseConfig
     def config_keys
       %w[host port ssl-cert ssl-key ssl-ca-cert
-         ssl-cipher-suites loglevel logfile whitelist]
+         ssl-cipher-suites loglevel logfile whitelist projects-dir]
     end
 
     def env_keys

data/lib/bolt_server/config.rb

@@ -7,7 +7,7 @@ require 'bolt/error'
 module BoltServer
   class Config < BoltServer::BaseConfig
     def config_keys
-      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri]
+      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri projects-dir]
     end
 
     def env_keys

data/lib/bolt_server/transport_app.rb

@@ -5,6 +5,7 @@ require 'addressable/uri'
 require 'bolt'
 require 'bolt/error'
 require 'bolt/inventory'
+require 'bolt/project'
 require 'bolt/target'
 require 'bolt_server/file_cache'
 require 'bolt/task/puppet_server'
@@ -191,20 +192,44 @@ module BoltServer
     end
 
     def in_pe_pal_env(environment)
-      if environment.nil?
-        [400, '`environment` is a required argument']
-      else
-        @pal_mutex.synchronize do
-          pal = BoltServer::PE::PAL.new({}, environment)
-          yield pal
-        rescue Puppet::Environments::EnvironmentNotFound
-          [400, {
-            "class" => 'bolt/unknown-environment',
-            "message" => "Environment #{environment} not found"
-          }.to_json]
-        rescue Bolt::Error => e
-          [400, e.to_json]
-        end
+      return [400, '`environment` is a required argument'] if environment.nil?
+      @pal_mutex.synchronize do
+        pal = BoltServer::PE::PAL.new({}, environment)
+        yield pal
+      rescue Puppet::Environments::EnvironmentNotFound
+        [400, {
+          "class" => 'bolt/unknown-environment',
+          "message" => "Environment #{environment} not found"
+        }.to_json]
+      rescue Bolt::Error => e
+        [400, e.to_json]
+      end
+    end
+
+    def in_bolt_project(bolt_project)
+      return [400, '`project_ref` is a required argument'] if bolt_project.nil?
+      project_dir = File.join(@config['projects-dir'], bolt_project)
+      return [400, "`project_ref`: #{project_dir} does not exist"] unless Dir.exist?(project_dir)
+      @pal_mutex.synchronize do
+        project = Bolt::Project.create_project(project_dir)
+        bolt_config = Bolt::Config.from_project(project, {})
+        pal = Bolt::PAL.new(bolt_config.modulepath, nil, nil, nil, nil, nil, bolt_config.project)
+        module_path = [
+          BoltServer::PE::PAL::PE_BOLTLIB_PATH,
+          Bolt::PAL::BOLTLIB_PATH,
+          *bolt_config.modulepath,
+          Bolt::PAL::MODULES_PATH
+        ]
+        # CODEREVIEW: I *think* this is the only thing we need to make different between bolt's PAL. Is it acceptable
+        # to hack this? Modulepath is currently a readable attribute, could we make it writeable?
+        pal.instance_variable_set(:@modulepath, module_path)
+        context = {
+          pal: pal,
+          config: bolt_config
+        }
+        yield context
+      rescue Bolt::Error => e
+        [400, e.to_json]
       end
     end
 
@@ -221,14 +246,12 @@ module BoltServer
       plan_info
     end
 
-    def build_puppetserver_uri(file_identifier, module_name, environment)
+    def build_puppetserver_uri(file_identifier, module_name, parameters)
       segments = file_identifier.split('/', 3)
       if segments.size == 1
         {
           'path' => "/puppet/v3/file_content/tasks/#{module_name}/#{file_identifier}",
-          'params' => {
-            'environment' => environment
-          }
+          'params' => parameters
         }
       else
         module_segment, mount_segment, name_segment = *segments
@@ -241,14 +264,12 @@ module BoltServer
                     when 'lib'
                       "/puppet/v3/file_content/plugins/#{name_segment}"
                     end,
-          'params' => {
-            'environment' => environment
-          }
+          'params' => parameters
         }
       end
     end
 
-    def pe_task_info(pal, module_name, task_name, environment)
+    def pe_task_info(pal, module_name, task_name, parameters)
       # Handle case where task name is simply module name with special `init` task
       task_name = if task_name == 'init' || task_name.nil?
                     module_name
@@ -261,7 +282,7 @@ module BoltServer
           'filename' => file_hash['name'],
           'sha256' => Digest::SHA256.hexdigest(File.read(file_hash['path'])),
           'size_bytes' => File.size(file_hash['path']),
-          'uri' => build_puppetserver_uri(file_hash['name'], module_name, environment)
+          'uri' => build_puppetserver_uri(file_hash['name'], module_name, parameters)
         }
       end
       {
@@ -271,6 +292,21 @@ module BoltServer
       }
     end
 
+    def allowed_helper(metadata, allowlist)
+      allowed = allowlist.nil? || allowlist.include?(metadata['name']) ? true : false
+      metadata.merge({ 'allowed' => allowed })
+    end
+
+    def task_list(pal)
+      tasks = pal.list_tasks
+      tasks.map { |task_name, _description| { 'name' => task_name } }
+    end
+
+    def plan_list(pal)
+      plans = pal.list_plans.flatten
+      plans.map { |plan_name| { 'name' => plan_name } }
+    end
+
     get '/' do
       200
     end
@@ -401,12 +437,40 @@ module BoltServer
       end
     end
 
+    # Fetches the metadata for a single plan
+    #
+    # @param project_ref [String] the project to fetch the plan from
+    get '/project_plans/:module_name/:plan_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        plan_info = pe_plan_info(context[:pal], params[:module_name], params[:plan_name])
+        plan_info = allowed_helper(plan_info, context[:config].project.plans)
+        [200, plan_info.to_json]
+      end
+    end
+
     # Fetches the metadata for a single task
     #
     # @param environment [String] the environment to fetch the task from
     get '/tasks/:module_name/:task_name' do
       in_pe_pal_env(params['environment']) do |pal|
-        task_info = pe_task_info(pal, params[:module_name], params[:task_name], params['environment'])
+        ps_parameters = {
+          'environment' => params['environment']
+        }
+        task_info = pe_task_info(pal, params[:module_name], params[:task_name], ps_parameters)
+        [200, task_info.to_json]
+      end
+    end
+
+    # Fetches the metadata for a single task
+    #
+    # @param bolt_project_ref [String] the reference to the bolt-project directory to load task metadata from
+    get '/project_tasks/:module_name/:task_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        ps_parameters = {
+          'project' => params['project_ref']
+        }
+        task_info = pe_task_info(context[:pal], params[:module_name], params[:task_name], ps_parameters)
+        task_info = allowed_helper(task_info, context[:config].project.tasks)
         [200, task_info.to_json]
       end
     end
@@ -435,13 +499,30 @@ module BoltServer
       end
     end
 
+    # Fetches the list of plans for a project
+    #
+    # @param project_ref [String] the project to fetch the list of plans from
+    get '/project_plans' do
+      in_bolt_project(params['project_ref']) do |context|
+        plans_response = plan_list(context[:pal])
+
+        # Dig in context for the allowlist of plans from project object
+        plans_response.map! { |metadata| allowed_helper(metadata, context[:config].project.plans) }
+
+        # We structure this array of plans to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, plans_response.to_json]
+      end
+    end
+
     # Fetches the list of tasks for an environment
     #
     # @param environment [String] the environment to fetch the list of tasks from
     get '/tasks' do
       in_pe_pal_env(params['environment']) do |pal|
-        tasks = pal.list_tasks
-        tasks_response = tasks.map { |task_name, _description| { 'name' => task_name } }.to_json
+        tasks_response = task_list(pal).to_json
 
         # We structure this array of tasks to be an array of hashes so that it matches the structure
         # returned by the puppetserver API that serves data like this. Structuring the output this way
@@ -451,6 +532,24 @@ module BoltServer
       end
     end
 
+    # Fetches the list of tasks for a bolt-project
+    #
+    # @param project_ref [String] the project to fetch the list of tasks from
+    get '/project_tasks' do
+      in_bolt_project(params['project_ref']) do |context|
+        tasks_response = task_list(context[:pal])
+
+        # Dig in context for the allowlist of tasks from project object
+        tasks_response.map! { |metadata| allowed_helper(metadata, context[:config].project.tasks) }
+
+        # We structure this array of tasks to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, tasks_response.to_json]
+      end
+    end
+
     error 404 do
       err = Bolt::Error.new("Could not find route #{request.path}",
                             'boltserver/not-found')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 2.26.0
+  version: 2.27.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-31 00:00:00.000000000 Z
+date: 2020-09-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -498,6 +498,9 @@ files:
 - lib/bolt/puppetdb.rb
 - lib/bolt/puppetdb/client.rb
 - lib/bolt/puppetdb/config.rb
+- lib/bolt/puppetfile.rb
+- lib/bolt/puppetfile/installer.rb
+- lib/bolt/puppetfile/module.rb
 - lib/bolt/r10k_log_proxy.rb
 - lib/bolt/rerun.rb
 - lib/bolt/resource_instance.rb