boltwash 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57665589df84a1e04ea2dad5a2fecc31adda58d86d3b2b579ba9324e4e58af02
-  data.tar.gz: 8b42d2eb0e9fdc9ed9d0e0052253550e87cd8041d67ebe562573611f49f1f0a0
+  metadata.gz: caeda79144ee72ab2b2bca808db20a8d5bb80998bae6b1fd11dde3a02ea25f65
+  data.tar.gz: bb4a8b58c5110e6c8e0f10aa5ba3df7ed0840c8830168639732f43038495c2ee
 SHA512:
-  metadata.gz: dea6c8c3db7641f673fe5a6cfca2191b79499721fc6ddff80d4d1dd59c39f5c0b908f9910092984d2a459d08481062f40acaa0fa0f950fb0e18067e390fd3283
-  data.tar.gz: f75a41d46944efe6b48ec63374703ac847a85675bb6c14f69858cec4569973a9caebed88f6a30113b37f98b2471f8f4f2faba3b8664c5b1f2d192b0829a42e20
+  metadata.gz: 57a6f9fdc85bae6e548c8a39be8f1dfb0612d12fe5109bdd57a200abcab62e40b18f8aaa1319d88d51c0ec02a6f75d6894a5d785ccc45b91a7096481ddd9b2a7
+  data.tar.gz: 4e89cb536309eaa3de01e80c5730024550a4c62c4cc4a276ba5dc3d1f8716438a160ab9e7dd9c896f374e451452c297e6d5e8316e2a40448adbd63a46bf61080

data/bolt.rb

@@ -1,7 +1,6 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'bolt/inventory'
 require 'wash'
 
 # For now we're going to mock out the plugin interface. It requires more setup
@@ -38,6 +37,7 @@ class Boltwash < Wash::Entry
   DESC
 
   def init(config)
+    require 'bolt/inventory'
     boltdir = config[:dir] ? Bolt::Boltdir.new(config[:dir]) : Bolt::Boltdir.default_boltdir
     bolt_config = Bolt::Config.from_boltdir(boltdir)
     @inventory = Bolt::Inventory.from_config(bolt_config, Plugin.new)
@@ -69,10 +69,25 @@ class Group < Wash::Entry
   end
 end
 
+def get_login_shell(target)
+  # Bolt's inventory defines a shell as a feature. Some transports provide
+  # default features as well. Use these to determine the login shell.
+  if target.features.include?('powershell')
+    'powershell'
+  elsif target.features.include?('bash')
+    'posixshell'
+  elsif target.transport == 'winrm'
+    'powershell'
+  elsif target.transport == 'ssh' || target.transport.nil?
+    'posixshell'
+  end
+end
 
 class Target < Wash::Entry
   label 'target'
   parent_of VOLUMEFS
+  state :target
+  attributes :os
   description <<~DESC
     This is a target. You can view target configuration with the 'meta' command,
     and SSH to the target if it accepts SSH connections. If SSH works, the 'fs'
@@ -117,36 +132,59 @@ class Target < Wash::Entry
     }
   end
 
-  def known_hosts(host_key_check)
-    return nil unless host_key_check == false
-
-    # Disable host key checking by redirecting known hosts to an empty file
-    # This is future-proofing for when Wash works on Windows.
-    Gem.win_platform? ? 'NUL' : '/dev/null'
-  end
-
-  def transport_options(target)
-    {
-      host: target.host,
-      port: target.port,
-      user: target.user,
-      password: target.password,
-      identity_file: target.options['private-key'],
-      known_hosts: known_hosts(target.options['host-key-check'])
-    }
-  end
-
   def initialize(target)
     # Save just the target information we need as state.
     @name = target.name
     @partial_metadata = target.detail
-    # TODO: add WinRM
-    transport :ssh, transport_options(target) if target.protocol == 'ssh'
+    @target = target.to_h
+    if (shell = get_login_shell(target))
+      @os = { login_shell: shell }
+    end
     prefetch :list
   end
 
-  def exec(*_args)
-    raise 'non-ssh protocols are not yet implemented'
+  # Only implements SSH, WinRM, and Docker. Local is trivial, and remote is not
+  # really usable. PCP I hope to implement later.
+  def exec(cmd, args, opts)
+    # lazy-load dependencies to make the plugin as fast as possible
+    require 'bolt/target'
+    require 'logging'
+
+    # opts can contain 'tty', 'stdin', and 'elevate'. If tty is set, apply it
+    # to the target for this exec.
+    target_opts = @target.transform_keys(&:to_s)
+    target_opts['tty'] = true if opts[:tty]
+    target = Bolt::Target.new(@target[:uri], target_opts)
+
+    logger = Logging.logger($stderr)
+    logger.level = :warn
+
+    transport = target.transport || 'ssh'
+    case transport
+    when 'ssh'
+      require_relative 'transport_ssh.rb'
+      connection = BoltSSH.new(target, logger)
+    when 'winrm'
+      require_relative 'transport_winrm.rb'
+      connection = BoltWinRM.new(target, logger)
+    when 'docker'
+      require_relative 'transport_docker.rb'
+      connection = BoltDocker.new(target)
+    else
+      raise "#{transport} unsupported"
+    end
+
+    begin
+      connection.connect
+      # Returns exit code
+      connection.execute(cmd, args, stdin: opts[:stdin])
+    ensure
+      begin
+        connection&.disconnect
+      rescue StandardError => e
+        logger.info("Failed to close connection to #{target}: #{e}")
+      end
+    end
   end
 
   def list

data/transport_docker.rb

@@ -0,0 +1,39 @@
+require 'bolt/transport/base'
+require 'bolt/transport/docker/connection'
+require 'open3'
+require 'shellwords'
+
+class BoltDocker < Bolt::Transport::Docker::Connection
+  attr_reader :target
+
+  # Adapted from Bolt::Transport::Docker::Connection.execute.
+  def execute(cmd, args, stdin: nil)
+    command_options = []
+    # Need to be interactive if redirecting STDIN
+    command_options << '--interactive' unless stdin.nil?
+    command_options << '--tty' if target.options['tty']
+    command_options << container_id
+    command = Shellwords.join([cmd] + args)
+    if target.options['shell-command'] && !target.options['shell-command'].empty?
+      # escape any double quotes in command
+      command = command.gsub('"', '\"')
+      command = "#{target.options['shell-command']} \" #{command}\""
+    end
+    command_options.concat(Shellwords.split(command))
+
+    env_hash = {}
+    # Set the DOCKER_HOST if we are using a non-default service-url
+    env_hash['DOCKER_HOST'] = @docker_host unless @docker_host.nil?
+
+    in_r, in_w = IO.pipe
+    in_w.sync = true
+    in_w.binmode
+    pid = Process.spawn(env_hash, 'docker', 'exec', *command_options, in: in_r)
+    in_w.write(stdin) if stdin
+    in_w.close
+    _, status = Process.wait2(pid)
+
+    # The actual result is the exitstatus not the process object
+    status.nil? ? -32768 : status.exitstatus
+  end
+end

data/transport_ssh.rb

@@ -0,0 +1,66 @@
+require 'bolt/transport/base'
+require 'bolt/transport/sudoable'
+require 'bolt/transport/ssh/connection'
+require 'shellwords'
+
+class BoltSSH < Bolt::Transport::SSH::Connection
+  # Adapted from Bolt::Transport::SSH::Connection.execute with output copied to
+  # $stdout/$stderr. Returns an exit code instead of Bolt::Result. It also
+  # handles stdin differently with sudo; it waits for some response, then
+  # sends stdin.
+  def execute(cmd, args, stdin: nil)
+    command = Shellwords.join([cmd] + args)
+    raise 'stdin not supported while using tty' if stdin && target.options['tty']
+
+    # If not nil, stdin==STDIN. Read all input so we have a string to pass around.
+    stdin = stdin.read if stdin
+
+    escalate = run_as && @user != run_as
+    use_sudo = escalate && target.options['run-as-command'].nil?
+
+    if escalate
+      if use_sudo
+        sudo_exec = target.options['sudo-executable'] || "sudo"
+        sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", Bolt::Transport::Sudoable.sudo_prompt]
+        sudo_str = Shellwords.shelljoin(sudo_flags)
+      else
+        sudo_str = Shellwords.shelljoin(target.options['run-as-command'] + [run_as])
+      end
+      command = build_sudoable_command_str(command, sudo_str, @sudo_id, stdin: stdin, reset_cwd: true)
+    end
+
+    exit_code = 0
+    session_channel = @session.open_channel do |channel|
+      # Request a pseudo tty
+      channel.request_pty if target.options['tty']
+
+      channel.exec(command) do |_, success|
+        unless success
+          raise Bolt::Node::ConnectError.new(
+            "Could not execute command: #{command}",
+            'EXEC_ERROR'
+          )
+        end
+
+        channel.on_data do |_, data|
+          $stdout << data unless use_sudo && handled_sudo(channel, data, stdin)
+        end
+
+        channel.on_extended_data do |_, _, data|
+          $stderr << data unless use_sudo && handled_sudo(channel, data, stdin)
+        end
+
+        channel.on_request('exit-status') do |_, data|
+          exit_code = data.read_long
+        end
+
+        if stdin && !use_sudo
+          channel.send_data(stdin)
+          channel.eof!
+        end
+      end
+    end
+    session_channel.wait
+    exit_code
+  end
+end

data/transport_winrm.rb

@@ -0,0 +1,23 @@
+require 'bolt/transport/base'
+require 'bolt/transport/winrm/connection'
+require 'winrm'
+
+class BoltWinRM < Bolt::Transport::WinRM::Connection
+  # Override execute so it streams output and returns the exit code
+  def execute(cmd, args, stdin: nil)
+    # The WinRM gem doesn't provide a way to pass stdin. It would require
+    # sending a whole script to make it work and we don't have a lot of cases
+    # where it's needed yet.
+    raise 'input on stdin not supported' if stdin
+
+    # The powershell implementation ignores 'args', so just string join (which
+    # is how powershell joins arg arrays). If you use characters that need to be
+    # escaped, pass the argument as a single string with appropriate escaping.
+    command = ([cmd] + args).join(' ')
+    output = @session.run(command) do |stdout, stderr|
+      $stdout << stdout
+      $stderr << stderr
+    end
+    output.exitcode
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: boltwash
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-29 00:00:00.000000000 Z
+date: 2020-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bolt
@@ -46,6 +46,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bolt.rb
+- transport_docker.rb
+- transport_ssh.rb
+- transport_winrm.rb
 homepage: https://github.com/puppetlabs/boltwash
 licenses:
 - Apache-2.0