ruby-pwsh 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ac282abeea132104fda1b3fc2f4743f4b99603cdd6b73a42b7063641c9e65d9
-  data.tar.gz: 410bc1d7a7b08366a89019324b172219102197f8aa6891bcfaa1729e3bd76925
+  metadata.gz: e217873cdddb9b32ba467e0a9f5de6977c04b11a1c0788613dda6181e96a62bd
+  data.tar.gz: 8dc82dfad8869d7c632ba3d902b4e22c375aeb5988f84e359269163da885b604
 SHA512:
-  metadata.gz: 0fd8c7af3f87ce61121a7404b66cfae5cf78fea8bdb885dc7715467bb5092bd974a9fd4d7f94824fe10675d56b4e4dc7b439826f95bc5d9672f14fcb74692501
-  data.tar.gz: 198328e45920aa2794cab2984e090c14c81ce56b4b038e4ae0b7f22ad66d327d0bbd34b5726709108c14609324dba1687a83a2f67026a2d8abf12d749067ca27
+  metadata.gz: a7e02f1cee48fa49316c133268a16f9bc3b8f195927834854c81eee134cdb7056710cd1be04eaf992ca036aa2b014175d06ebf8684eef6354ef8d10a07a62e31
+  data.tar.gz: da78f276002b67faf3716ce0b8157fe3cf0edbbeb5da3ae1145c3ed696e386838285138fdd0c75b8a592b677b7631c66ce07355a25788dee58354af0ecdd9eaa

data/README.md

@@ -86,6 +86,10 @@ The following platforms are supported:
 - RedHat
 - Ubuntu
 
+## Limitations
+
+- When PowerShell [Script Block Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#enabling-script-block-logging) is enabled, data marked as sensitive in your manifest may appear in these logs as plain text. It is **highly recommended**, by both Puppet and Microsoft, that you also enable [Protected Event Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#protected-event-logging) alongside this to encrypt the logs to protect this information.
+
 ## License
 
 This codebase is licensed under Apache 2.0. However, the open source dependencies included in this codebase might be subject to other software licenses such as AGPL, GPL2.0, and MIT.

data/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb

@@ -15,6 +15,7 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
     @cached_query_results = []
     @cached_test_results = []
     @logon_failures = []
+    @timeout = nil # default timeout, ps_manager.execute is expecting nil by default..
     super
   end
 
@@ -251,18 +252,22 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
       context.err('Logon credentials are invalid')
       return nil
     end
+    specify_dsc_timeout(name_hash)
     resource = invocable_resource(props, context, method)
     script_content = ps_script_content(resource)
+    context.debug("Invoke-DSC Timeout: #{@timeout} milliseconds") if @timeout
     context.debug("Script:\n #{redact_secrets(script_content)}")
-    output = ps_manager.execute(remove_secret_identifiers(script_content))[:stdout]
+    output = ps_manager.execute(remove_secret_identifiers(script_content), @timeout)
 
-    if output.nil?
-      context.err('Nothing returned')
+    if output[:stdout].nil?
+      message = 'Nothing returned.'
+      message += " #{output[:errormessage]}" if output[:errormessage]&.match?(/PowerShell module timeout \(\d+ ms\) exceeded while executing/)
+      context.err(message)
       return nil
     end
 
     begin
-      data = JSON.parse(output)
+      data = JSON.parse(output[:stdout])
     rescue StandardError => e
       context.err(e)
       return nil
@@ -295,6 +300,18 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
     data
   end
 
+  # Sets the @timeout instance variable.
+  # @param name_hash [Hash] the hash of namevars to be passed as properties to `Invoke-DscResource`
+  # The @timeout variable is set to the value of name_hash[:dsc_timeout] in milliseconds
+  # If name_hash[:dsc_timeout] is nil, @timeout is not changed.
+  # If @timeout is already set to a value other than nil,
+  # it is changed only if it's different from name_hash[:dsc_timeout]..
+  def specify_dsc_timeout(name_hash)
+    return unless name_hash[:dsc_timeout] && (@timeout.nil? || @timeout != name_hash[:dsc_timeout])
+
+    @timeout = name_hash[:dsc_timeout] * 1000
+  end
+
   # Retries Invoke-DscResource when returned error matches error regex supplied as param.
   # @param context [Object] the Puppet runtime context to operate in and send feedback to
   # @param max_retry_count [Int] max number of times to retry Invoke-DscResource
@@ -665,16 +682,16 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
     context.type.attributes.select { |_attribute, properties| properties[:mandatory_for_set] }.keys
   end
 
-  # Parses the DSC resource type definition to retrieve the names of any attributes which are specifed as required strings
-  # This is used to ensure that any nil values are converted to empty strings to match puppets expecetd value
+  # Parses the DSC resource type definition to retrieve the names of any attributes which are specified as required strings
+  # This is used to ensure that any nil values are converted to empty strings to match puppets expected value
   # @param context [Object] the Puppet runtime context to operate in and send feedback to
   # @param data [Hash] the hash of properties returned from the DSC resource
   # @return [Hash] returns a data hash with any nil values converted to empty strings
   def stringify_nil_attributes(context, data)
-    nil_strings = data.select { |_name, value| value.nil? }.keys
-    string_attrs = context.type.attributes.select { |_name, properties| properties[:type] == 'String' }.keys
-    string_attrs.each do |attribute|
-      data[attribute] = '' if nil_strings.include?(attribute)
+    nil_attributes = data.select { |_name, value| value.nil? }.keys
+    nil_attributes.each do |nil_attr|
+      attribute_type = context.type.attributes[nil_attr][:type]
+      data[nil_attr] = '' if (attribute_type.include?('Enum[') && enum_values(context, nil_attr).include?('')) || attribute_type == 'String'
     end
     data
   end
@@ -1076,6 +1093,10 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
   def ps_manager
     debug_output = Puppet::Util::Log.level == :debug
     # TODO: Allow you to specify an alternate path, either to pwsh generally or a specific pwsh path.
-    Pwsh::Manager.instance(Pwsh::Manager.powershell_path, Pwsh::Manager.powershell_args, debug: debug_output)
+    if Pwsh::Util.on_windows?
+      Pwsh::Manager.instance(Pwsh::Manager.powershell_path, Pwsh::Manager.powershell_args, debug: debug_output)
+    else
+      Pwsh::Manager.instance(Pwsh::Manager.pwsh_path, Pwsh::Manager.pwsh_args, debug: debug_output)
+    end
   end
 end

data/lib/puppet/provider/dsc_base_provider/invoke_dsc_resource_functions.ps1

@@ -123,4 +123,4 @@ Function ConvertTo-CanonicalResult {
 
   # Output the final result
   $ResultObject
-}
+}

data/lib/pwsh/util.rb

@@ -7,12 +7,12 @@ module Pwsh
     module_function
 
     # Verifies whether or not the current context is running on a Windows node.
+    # Implementation copied from `facets`: https://github.com/rubyworks/facets/blob/main/lib/standard/facets/rbconfig.rb
     #
     # @return [Bool] true if on windows
     def on_windows?
-      # Ruby only sets File::ALT_SEPARATOR on Windows and the Ruby standard
-      # library uses that to test what platform it's on.
-      !!File::ALT_SEPARATOR
+      host_os = RbConfig::CONFIG['host_os']
+      !!(host_os =~ /mswin|mingw/)
     end
 
     # Verify paths specified are valid directories which exist.

data/lib/pwsh/version.rb

@@ -2,5 +2,5 @@
 
 module Pwsh
   # The version of the ruby-pwsh gem
-  VERSION = '1.1.1'
+  VERSION = '1.2.0'
 end

data/lib/pwsh.rb

@@ -380,7 +380,7 @@ module Pwsh
           pwsh_paths << File.join(path, 'pwsh.exe') if File.exist?(File.join(path, 'pwsh.exe'))
         end
       else
-        search_paths.split(File::PATH_SEPARATOR).each do |path|
+        search_paths.split(':').each do |path|
           pwsh_paths << File.join(path, 'pwsh') if File.exist?(File.join(path, 'pwsh'))
         end
       end

data/spec/unit/puppet/provider/dsc_base_provider/dsc_base_provider_spec.rb

@@ -541,7 +541,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
 
     context 'when the invocation script returns data without errors' do
       before do
-        allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+        allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
         allow(JSON).to receive(:parse).with('DSC Data').and_return(parsed_invocation_data)
         allow(Puppet::Pops::Time::Timestamp).to receive(:parse).with('2100-01-01').and_return('TimeStamp:2100-01-01')
         allow(provider).to receive(:fetch_cached_hashes).and_return([])
@@ -659,15 +659,15 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
     context 'when the DSC invocation errors' do
       it 'writes an error and returns nil' do
         expect(provider).not_to receive(:logon_failed_already?)
-        expect(ps_manager).to receive(:execute).with(script).and_return({ stdout: nil })
-        expect(context).to receive(:err).with('Nothing returned')
+        expect(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: nil })
+        expect(context).to receive(:err).with('Nothing returned.')
         expect(result).to be_nil
       end
     end
 
     context 'when handling DateTimes' do
       before do
-        allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+        allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
         allow(JSON).to receive(:parse).with('DSC Data').and_return(parsed_invocation_data)
         allow(provider).to receive(:fetch_cached_hashes).and_return([])
       end
@@ -719,7 +719,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
       context 'when the credential is invalid' do
         before do
           allow(provider).to receive(:logon_failed_already?).and_return(false)
-          allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+          allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
           allow(JSON).to receive(:parse).with('DSC Data').and_return({ 'errormessage' => dsc_logon_failure_error })
           allow(context).to receive(:err).with(name_hash[:name], puppet_logon_failure_error)
         end
@@ -783,7 +783,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
     context 'when the invocation script returns nil' do
       it 'errors via context but does not raise' do
         expect(ps_manager).to receive(:execute).and_return({ stdout: nil })
-        expect(context).to receive(:err).with('Nothing returned')
+        expect(context).to receive(:err).with('Nothing returned.')
         expect { result }.not_to raise_error
       end
     end
@@ -835,9 +835,29 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
       end
     end
 
+    context 'when a dsc_timeout is specified' do
+      let(:should_hash) { name.merge(dsc_timeout: 5) }
+      let(:apply_props_with_timeout) { { dsc_name: 'foo', dsc_timeout: 5 } }
+      let(:resource_with_timeout) { "Resource: #{apply_props_with_timeout}" }
+      let(:script_with_timeout) { "Script: #{apply_props_with_timeout}" }
+
+      before do
+        allow(provider).to receive(:invocable_resource).with(apply_props_with_timeout, context, 'set').and_return(resource_with_timeout)
+        allow(provider).to receive(:ps_script_content).with(resource_with_timeout).and_return(script_with_timeout)
+        allow(provider).to receive(:remove_secret_identifiers).with(script_with_timeout).and_return(script_with_timeout)
+      end
+
+      it 'sets @timeout and passes it to ps_manager.execute' do
+        provider.instance_variable_set(:@timeout, nil)
+        expect(ps_manager).to receive(:execute).with(script_with_timeout, 5000).and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
+        provider.invoke_set_method(context, name, should_hash)
+        expect(provider.instance_variable_get(:@timeout)).to eq(5000)
+      end
+    end
+
     context 'when the invocation script returns data without errors' do
       it 'filters for the correct properties to invoke and returns the results' do
-        expect(ps_manager).to receive(:execute).with("Script: #{apply_props}").and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
+        expect(ps_manager).to receive(:execute).with("Script: #{apply_props}", nil).and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
         expect(context).not_to receive(:err)
         expect(result).to eq({ 'in_desired_state' => true, 'errormessage' => nil })
       end
@@ -2110,21 +2130,44 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
   end
 
   describe '.ps_manager' do
-    before do
-      allow(Pwsh::Manager).to receive(:powershell_path).and_return('pwsh')
-      allow(Pwsh::Manager).to receive(:powershell_args).and_return('args')
-    end
+    describe '.ps_manager on non-Windows' do
+      before do
+        allow(Pwsh::Util).to receive(:on_windows?).and_return(false)
+        allow(Pwsh::Manager).to receive(:pwsh_path).and_return('pwsh')
+        allow(Pwsh::Manager).to receive(:pwsh_args).and_return('args')
+      end
+
+      it 'Initializes an instance of the Pwsh::Manager' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
+        expect { provider.ps_manager }.not_to raise_error
+      end
 
-    it 'Initializes an instance of the Pwsh::Manager' do
-      expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
-      expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
-      expect { provider.ps_manager }.not_to raise_error
+      it 'passes debug as true if Puppet::Util::Log.level is debug' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
+        expect { provider.ps_manager }.not_to raise_error
+      end
     end
 
-    it 'passes debug as true if Puppet::Util::Log.level is debug' do
-      expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
-      expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
-      expect { provider.ps_manager }.not_to raise_error
+    describe '.ps_manager on Windows' do
+      before do
+        allow(Pwsh::Util).to receive(:on_windows?).and_return(true)
+        allow(Pwsh::Manager).to receive(:powershell_path).and_return('pwsh')
+        allow(Pwsh::Manager).to receive(:powershell_args).and_return('args')
+      end
+
+      it 'Initializes an instance of the Pwsh::Manager' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
+        expect { provider.ps_manager }.not_to raise_error
+      end
+
+      it 'passes debug as true if Puppet::Util::Log.level is debug' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
+        expect { provider.ps_manager }.not_to raise_error
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-pwsh
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-02-21 00:00:00.000000000 Z
+date: 2024-08-15 00:00:00.000000000 Z
 dependencies: []
 description: PowerShell code manager for ruby.
 email: