openbolt 5.0.0.rc1

data/lib/bolt/transport/jail/connection.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'logging'
+require_relative '../../../bolt/node/errors'
+
+module Bolt
+  module Transport
+    class Jail < Simple
+      class Connection
+        attr_reader :user, :target
+
+        def initialize(target)
+          raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
+          @target = target
+          @user = @target.user || ENV['USER'] || Etc.getlogin
+          @logger = Bolt::Logger.logger(target.safe_name)
+          @jail_info = {}
+          @logger.trace("Initializing jail connection to #{target.safe_name}")
+        end
+
+        def shell
+          @shell ||= Bolt::Shell::Bash.new(target, self)
+        end
+
+        def reset_cwd?
+          true
+        end
+
+        def jail_id
+          @jail_info['jid'].to_s
+        end
+
+        def jail_path
+          @jail_info['path']
+        end
+
+        def connect
+          output = JSON.parse(`jls --libxo=json`)
+          @jail_info = output['jail-information']['jail'].select { |jail| jail['hostname'] == target.host }.first
+          raise "Could not find a jail with name matching #{target.host}" if @jail_info.nil?
+          @logger.trace { "Opened session" }
+          true
+        rescue StandardError => e
+          raise Bolt::Node::ConnectError.new(
+            "Failed to connect to #{target.safe_name}: #{e.message}",
+            'CONNECT_ERROR'
+          )
+        end
+
+        def execute(command)
+          args = ['-lU', @user]
+
+          jail_command = %w[jexec] + args + [jail_id] + Shellwords.split(command)
+          @logger.trace { "Executing #{jail_command.join(' ')}" }
+
+          Open3.popen3({}, *jail_command)
+        rescue StandardError
+          @logger.trace { "Command aborted" }
+          raise
+        end
+
+        def upload_file(source, destination)
+          @logger.trace { "Uploading #{source} to #{destination}" }
+          jail_destination = File.join(jail_path, destination)
+          FileUtils.cp(source, jail_destination)
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+
+        def download_file(source, destination, _download)
+          @logger.trace { "Downloading #{source} to #{destination}" }
+          jail_source = File.join(jail_path, source)
+          FileUtils.mkdir_p(destination)
+          FileUtils.cp(jail_source, destination)
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/jail.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative '../../bolt/transport/simple'
+
+module Bolt
+  module Transport
+    class Jail < Simple
+      def provided_features
+        ['shell']
+      end
+
+      def with_connection(target)
+        conn = Connection.new(target)
+        conn.connect
+        yield conn
+      end
+    end
+  end
+end
+
+require_relative 'jail/connection'

data/lib/bolt/transport/local/connection.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+require 'open3'
+require 'fileutils'
+require 'tempfile'
+require_relative '../../../bolt/node/output'
+require_relative '../../../bolt/util'
+
+module Bolt
+  module Transport
+    class Local < Simple
+      class Connection
+        RUBY_ENV_VARS = %w[GEM_PATH GEM_HOME RUBYLIB RUBYLIB_PREFIX RUBYOPT RUBYPATH RUBYSHELL].freeze
+
+        attr_accessor :user, :logger, :target
+
+        def initialize(target)
+          @target = target
+          # The familiar problem: Etc.getlogin is broken on osx
+          @user = ENV['USER'] || Etc.getlogin
+          @logger = Bolt::Logger.logger(self)
+        end
+
+        def shell
+          @shell ||= if Bolt::Util.windows?
+                       Bolt::Shell::Powershell.new(target, self)
+                     else
+                       Bolt::Shell::Bash.new(target, self)
+                     end
+        end
+
+        def upload_file(source, dest)
+          @logger.trace { "Uploading #{source} to #{dest}" }
+          if source.is_a?(StringIO)
+            Tempfile.create(File.basename(dest)) do |f|
+              f.write(source.read)
+              f.close
+              FileUtils.mv(f, dest)
+            end
+          else
+            # Mimic the behavior of `cp --remove-destination`
+            # since the flag isn't supported on MacOS
+            FileUtils.cp_r(source, dest, remove_destination: true)
+          end
+        rescue StandardError => e
+          message = "Could not copy file to #{dest}: #{e}"
+          raise Bolt::Node::FileError.new(message, 'COPY_ERROR')
+        end
+
+        def download_file(source, dest, _download)
+          @logger.trace { "Downloading #{source} to #{dest}" }
+          # Create the destination directory for the target, or the
+          # copied file will have the target's name
+          FileUtils.mkdir_p(dest)
+          # Mimic the behavior of `cp --remove-destination`
+          # since the flag isn't supported on MacOS
+          FileUtils.cp_r(source, dest, remove_destination: true)
+        rescue StandardError => e
+          message = "Could not download file to #{dest}: #{e}"
+          raise Bolt::Node::FileError.new(message, 'DOWNLOAD_ERROR')
+        end
+
+        def execute(command)
+          if Bolt::Util.windows?
+            # If it's already a powershell command then invoke it normally.
+            # Otherwise, wrap it in powershell.exe.
+            unless command.start_with?('powershell.exe')
+              cmd = Bolt::Shell::Powershell::Snippets.exit_with_code(command)
+              command = ['powershell.exe', *Bolt::Shell::Powershell::PS_ARGS, '-Command', cmd]
+            end
+          end
+
+          # Only do this if bundled-ruby is set to false, not nil
+          ruby_env_vars = if target.transport_config['bundled-ruby'] == false
+                            RUBY_ENV_VARS.each_with_object({}) do |e, acc|
+                              if ENV["BOLT_ORIG_#{e}"] && !ENV["BOLT_ORIG_#{e}"].empty?
+                                acc[e] = ENV["BOLT_ORIG_#{e}"]
+                              end
+                            end
+                          end
+
+          if target.transport_config['bundled-ruby'] == false &&
+             Gem.loaded_specs.keys.include?('bundler')
+            Bundler.with_unbundled_env do
+              Open3.popen3(ruby_env_vars || {}, *command)
+            end
+          else
+            Open3.popen3(ruby_env_vars || {}, *command)
+          end
+        end
+
+        # This is used by the Bash shell to decide whether to `cd` before
+        # executing commands as a run-as user
+        def reset_cwd?
+          false
+        end
+
+        def max_command_length
+          if Bolt::Util.windows?
+            32000
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/local.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative '../../bolt/logger'
+require_relative '../../bolt/transport/simple'
+
+module Bolt
+  module Transport
+    class Local < Simple
+      def connected?(_target)
+        true
+      end
+
+      def with_connection(target)
+        yield Connection.new(target)
+      end
+    end
+  end
+end
+
+require_relative 'local/connection'

data/lib/bolt/transport/lxd/connection.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require 'logging'
+require_relative '../../../bolt/node/errors'
+
+module Bolt
+  module Transport
+    class LXD < Simple
+      class Connection
+        attr_reader :user, :target
+
+        def initialize(target, options)
+          raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
+
+          @target = target
+          @user = ENV['USER'] || Etc.getlogin
+          @options = options
+          @logger = Bolt::Logger.logger(target.safe_name)
+          @logger.trace("Initializing LXD connection to #{target.safe_name}")
+        end
+
+        def shell
+          Bolt::Shell::Bash.new(target, self)
+        end
+
+        def reset_cwd?
+          true
+        end
+
+        def container_id
+          "#{@target.transport_config['remote']}:#{@target.host}"
+        end
+
+        def connect
+          out, err, status = execute_local_command(%W[list #{container_id} --format json])
+          unless status.exitstatus.zero?
+            raise "Error listing available containers: #{err}"
+          end
+          containers = JSON.parse(out)
+          if containers.empty?
+            raise "Could not find a container with name or ID matching '#{container_id}'"
+          end
+          @logger.trace("Opened session")
+          true
+        rescue StandardError => e
+          raise Bolt::Node::ConnectError.new(
+            "Failed to connect to #{container_id}: #{e.message}",
+            'CONNECT_ERROR'
+          )
+        end
+
+        def add_env_vars(env_vars)
+          @env_vars = env_vars.each_with_object([]) do |env_var, acc|
+            acc << "--env"
+            acc << "#{env_var[0]}=#{Shellwords.shellescape(env_var[1])}"
+          end
+        end
+
+        def execute(command)
+          lxc_command = %W[lxc exec #{container_id}]
+          lxc_command += ['--mode', target.options['tty'].to_s.empty? ? 'non-interactive' : 'interactive']
+          lxc_command += @env_vars if @env_vars
+          lxc_command << '--'
+
+          if target.options['shell-command'].to_s.empty?
+            lxc_command += Shellwords.split(command)
+          else
+            lxc_command += Shellwords.split(target.options['shell-command'])
+            lxc_command << command
+          end
+
+          @logger.trace { "Executing: #{lxc_command.join(' ')}" }
+
+          Open3.popen3(*lxc_command)
+        rescue StandardError
+          @logger.trace { "Command aborted" }
+          raise
+        end
+
+        private def execute_local_command(command)
+          Open3.capture3('lxc', *command, { binmode: true })
+        end
+
+        def upload_file(source, destination)
+          @logger.trace { "Uploading #{source} to #{destination}" }
+          args = %w[--create-dirs]
+          if File.directory?(source)
+            args << '--recursive'
+            # If we don't do this, LXD will upload to
+            # /tmp/d2020-11/d2020-11/dir instead of /tmp/d2020-11/dir
+            destination = Pathname.new(destination).dirname.to_s
+          end
+          cmd = %w[file push] + args + %W[#{source} #{container_id}#{destination}]
+          _out, err, stat = execute_local_command(cmd)
+          unless stat.exitstatus.zero?
+            raise "Error writing to #{container_id}: #{err}"
+          end
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+
+        def download_file(source, destination, _download)
+          @logger.trace { "Downloading #{source} to #{destination}" }
+          FileUtils.mkdir_p(destination)
+          _out, err, stat = execute_local_command(%W[file pull --recursive #{container_id}#{source} #{destination}])
+          unless stat.exitstatus.zero?
+            raise "Error downloading content from container #{container_id}: #{err}"
+          end
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/lxd.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require_relative '../../bolt/logger'
+require_relative '../../bolt/node/errors'
+require_relative '../../bolt/transport/simple'
+
+module Bolt
+  module Transport
+    class LXD < Simple
+      def provided_features
+        ['shell']
+      end
+
+      def with_connection(target, options = {})
+        Bolt::Logger.warn_once("lxd_experimental",
+                               "The LXD transport is experimental, and might "\
+                               "include breaking changes between minor versions.")
+        conn = Connection.new(target, options)
+        conn.connect
+        yield conn
+      end
+    end
+  end
+end
+
+require_relative 'lxd/connection'

data/lib/bolt/transport/orch/connection.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Bolt
+  module Transport
+    class Orch < Base
+      class Connection
+        attr_reader :logger, :key
+
+        CONTEXT_KEYS = Set.new(%i[plan_name description params sensitive]).freeze
+
+        def self.get_key(opts)
+          [
+            opts['service-url'],
+            opts['task-environment'],
+            opts['token-file']
+          ].join('-')
+        end
+
+        def initialize(opts, plan_context, logger)
+          require 'addressable/uri'
+
+          @logger = logger
+          @key = self.class.get_key(opts)
+          client_opts = opts.slice('token-file', 'cacert', 'job-poll-interval', 'job-poll-timeout', 'read-timeout')
+
+          if opts['service-url']
+            uri = Addressable::URI.parse(opts['service-url'])
+            uri&.port ||= 8143
+            client_opts['service-url'] = uri.to_s
+          end
+
+          client_opts['User-Agent'] = "Bolt/#{VERSION}"
+
+          %w[token-file cacert].each do |f|
+            client_opts[f] = File.expand_path(client_opts[f]) if client_opts[f]
+          end
+          logger.debug("Creating orchestrator client for #{client_opts}")
+          @client = OrchestratorClient.new(client_opts, true)
+          @plan_context = plan_context
+          @plan_job = start_plan(@plan_context)
+          logger.debug("Started plan #{@plan_job}")
+          @environment = opts["task-environment"]
+        end
+
+        def start_plan(plan_context)
+          if plan_context
+            begin
+              opts = plan_context.select { |k, _| CONTEXT_KEYS.include? k }
+              opts[:params] = opts[:params].reject { |k, _| plan_context[:sensitive].include?(k) }
+              @client.command.plan_start(opts)['name']
+            rescue OrchestratorClient::ApiError => e
+              if e.code == '404'
+                @logger.debug("Orchestrator #{key} does not support plans")
+              else
+                @logger.error("Failed to start a plan with orchestrator #{key}: #{e.message}")
+              end
+              nil
+            end
+          end
+        end
+
+        def finish_plan(plan_result)
+          if @plan_job
+            @client.command.plan_finish(
+              plan_job: @plan_job,
+              result: plan_result.value || '',
+              status: plan_result.status
+            )
+          end
+        end
+
+        def get_certnames(targets)
+          targets.map { |t| t.host || t.name }
+        end
+
+        def build_request(targets, task, arguments, description = nil)
+          body = { task: task.name,
+                   environment: @environment,
+                   noop: arguments['_noop'],
+                   params: arguments.reject { |k, _| k.start_with?('_') },
+                   scope: {
+                     nodes: get_certnames(targets)
+                   } }
+          body[:description] = description if description
+          body[:plan_job] = @plan_job if @plan_job
+          body
+        end
+
+        def run_task(targets, task, arguments, options)
+          body = build_request(targets, task, arguments, options[:description])
+          @client.run_task(body)
+        rescue OrchestratorClient::ApiError => e
+          if e.data['kind'] == 'puppetlabs.orchestrator/plan-already-finished'
+            @logger.debug("Retrying the task")
+            # Instead of recursing, just retry once
+            @plan_job = start_plan(@plan_context)
+            # Rebuild the request with the new plan job ID
+            body = build_request(targets, task, arguments, options[:description])
+            @client.run_task(body)
+          else
+            raise e
+          end
+        end
+
+        def query_inventory(targets)
+          @client.post('inventory', nodes: get_certnames(targets))
+        end
+      end
+    end
+  end
+end