ruby-pwsh 1.1.1 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ac282abeea132104fda1b3fc2f4743f4b99603cdd6b73a42b7063641c9e65d9
-  data.tar.gz: 410bc1d7a7b08366a89019324b172219102197f8aa6891bcfaa1729e3bd76925
+  metadata.gz: 106716635e03eef49ab00c8dd35cf16a5674a27452968b16ba7756ba252b97be
+  data.tar.gz: 4bd6c34343347a1d705cea410346028bbb91446bf5983e75409f16c7730f1000
 SHA512:
-  metadata.gz: 0fd8c7af3f87ce61121a7404b66cfae5cf78fea8bdb885dc7715467bb5092bd974a9fd4d7f94824fe10675d56b4e4dc7b439826f95bc5d9672f14fcb74692501
-  data.tar.gz: 198328e45920aa2794cab2984e090c14c81ce56b4b038e4ae0b7f22ad66d327d0bbd34b5726709108c14609324dba1687a83a2f67026a2d8abf12d749067ca27
+  metadata.gz: f8b6c0c4ff6eabbc9a842cc863d76128dbccca74fabfef02b4aea6ba54f3a01ffd3d97447df4ccc027a8f22cf6a7b430b0893e34d0de7989e742442cf56b5ef9
+  data.tar.gz: 2404be74308d1b80c5d8f775f49f0f0ac6ae7deab47fe7c38e25e79852aac42f87e16b5cea5e4a4617cdde6eac1236cc8407a0e10fe2c9198bcfd0d6e88a7548

data/README.md

@@ -85,6 +85,11 @@ The following platforms are supported:
 - OSX
 - RedHat
 - Ubuntu
+- AlmaLinux
+
+## Limitations
+
+- When PowerShell [Script Block Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#enabling-script-block-logging) is enabled, data marked as sensitive in your manifest may appear in these logs as plain text. It is **highly recommended**, by both Puppet and Microsoft, that you also enable [Protected Event Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#protected-event-logging) alongside this to encrypt the logs to protect this information.
 
 ## License
 

data/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb

@@ -15,6 +15,7 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
     @cached_query_results = []
     @cached_test_results = []
     @logon_failures = []
+    @timeout = nil # default timeout, ps_manager.execute is expecting nil by default..
     super
   end
 
@@ -251,18 +252,22 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
       context.err('Logon credentials are invalid')
       return nil
     end
+    specify_dsc_timeout(name_hash)
     resource = invocable_resource(props, context, method)
     script_content = ps_script_content(resource)
+    context.debug("Invoke-DSC Timeout: #{@timeout} milliseconds") if @timeout
     context.debug("Script:\n #{redact_secrets(script_content)}")
-    output = ps_manager.execute(remove_secret_identifiers(script_content))[:stdout]
+    output = ps_manager.execute(remove_secret_identifiers(script_content), @timeout)
 
-    if output.nil?
-      context.err('Nothing returned')
+    if output[:stdout].nil?
+      message = 'Nothing returned.'
+      message += " #{output[:errormessage]}" if output[:errormessage]&.match?(/PowerShell module timeout \(\d+ ms\) exceeded while executing/)
+      context.err(message)
       return nil
     end
 
     begin
-      data = JSON.parse(output)
+      data = JSON.parse(output[:stdout])
     rescue StandardError => e
       context.err(e)
       return nil
@@ -295,6 +300,18 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
     data
   end
 
+  # Sets the @timeout instance variable.
+  # @param name_hash [Hash] the hash of namevars to be passed as properties to `Invoke-DscResource`
+  # The @timeout variable is set to the value of name_hash[:dsc_timeout] in milliseconds
+  # If name_hash[:dsc_timeout] is nil, @timeout is not changed.
+  # If @timeout is already set to a value other than nil,
+  # it is changed only if it's different from name_hash[:dsc_timeout]..
+  def specify_dsc_timeout(name_hash)
+    return unless name_hash[:dsc_timeout] && (@timeout.nil? || @timeout != name_hash[:dsc_timeout])
+
+    @timeout = name_hash[:dsc_timeout] * 1000
+  end
+
   # Retries Invoke-DscResource when returned error matches error regex supplied as param.
   # @param context [Object] the Puppet runtime context to operate in and send feedback to
   # @param max_retry_count [Int] max number of times to retry Invoke-DscResource
@@ -1076,6 +1093,10 @@ class Puppet::Provider::DscBaseProvider # rubocop:disable Metrics/ClassLength
   def ps_manager
     debug_output = Puppet::Util::Log.level == :debug
     # TODO: Allow you to specify an alternate path, either to pwsh generally or a specific pwsh path.
-    Pwsh::Manager.instance(Pwsh::Manager.powershell_path, Pwsh::Manager.powershell_args, debug: debug_output)
+    if Pwsh::Util.on_windows?
+      Pwsh::Manager.instance(Pwsh::Manager.powershell_path, Pwsh::Manager.powershell_args, debug: debug_output)
+    else
+      Pwsh::Manager.instance(Pwsh::Manager.pwsh_path, Pwsh::Manager.pwsh_args, debug: debug_output)
+    end
   end
 end

data/lib/pwsh/util.rb

@@ -7,28 +7,24 @@ module Pwsh
     module_function
 
     # Verifies whether or not the current context is running on a Windows node.
+    # Implementation copied from `facets`: https://github.com/rubyworks/facets/blob/main/lib/standard/facets/rbconfig.rb
     #
     # @return [Bool] true if on windows
     def on_windows?
-      # Ruby only sets File::ALT_SEPARATOR on Windows and the Ruby standard
-      # library uses that to test what platform it's on.
-      !!File::ALT_SEPARATOR
+      host_os = RbConfig::CONFIG['host_os']
+      !!(host_os =~ /mswin|mingw/)
     end
 
-    # Verify paths specified are valid directories which exist.
-    #
-    # @return [Bool] true if any directories specified do not exist
+    # Verify paths specified are valid directories.
+    # Skips paths which do not exist.
+    # @return [Bool] true if any paths specified are not valid directories
     def invalid_directories?(path_collection)
-      invalid_paths = false
-
-      return invalid_paths if path_collection.nil? || path_collection.empty?
+      return false if path_collection.nil? || path_collection.empty?
 
-      paths = on_windows? ? path_collection.split(';') : path_collection.split(':')
-      paths.each do |path|
-        invalid_paths = true unless File.directory?(path) || path.empty?
-      end
+      delimiter = on_windows? ? ';' : ':'
+      paths = path_collection.split(delimiter)
 
-      invalid_paths
+      paths.any? { |path| !path.empty? && File.exist?(path) && !File.directory?(path) }
     end
 
     # Return a string or symbol converted to snake_case

data/lib/pwsh/version.rb

@@ -2,5 +2,5 @@
 
 module Pwsh
   # The version of the ruby-pwsh gem
-  VERSION = '1.1.1'
+  VERSION = '1.2.1'
 end

data/lib/pwsh.rb

@@ -108,7 +108,7 @@ module Pwsh
       @powershell_command = cmd
       @powershell_arguments = args
 
-      raise "Bad configuration for ENV['lib']=#{ENV['lib']} - invalid path" if Pwsh::Util.invalid_directories?(ENV['lib'])
+      warn "Bad configuration for ENV['lib']=#{ENV['lib']} - invalid path" if Pwsh::Util.invalid_directories?(ENV['lib'])
 
       if Pwsh::Util.on_windows?
         # Named pipes under Windows will automatically be mounted in \\.\pipe\...
@@ -380,7 +380,7 @@ module Pwsh
           pwsh_paths << File.join(path, 'pwsh.exe') if File.exist?(File.join(path, 'pwsh.exe'))
         end
       else
-        search_paths.split(File::PATH_SEPARATOR).each do |path|
+        search_paths.split(':').each do |path|
           pwsh_paths << File.join(path, 'pwsh') if File.exist?(File.join(path, 'pwsh'))
         end
       end

data/spec/unit/puppet/provider/dsc_base_provider/dsc_base_provider_spec.rb

@@ -541,7 +541,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
 
     context 'when the invocation script returns data without errors' do
       before do
-        allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+        allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
         allow(JSON).to receive(:parse).with('DSC Data').and_return(parsed_invocation_data)
         allow(Puppet::Pops::Time::Timestamp).to receive(:parse).with('2100-01-01').and_return('TimeStamp:2100-01-01')
         allow(provider).to receive(:fetch_cached_hashes).and_return([])
@@ -659,15 +659,15 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
     context 'when the DSC invocation errors' do
       it 'writes an error and returns nil' do
         expect(provider).not_to receive(:logon_failed_already?)
-        expect(ps_manager).to receive(:execute).with(script).and_return({ stdout: nil })
-        expect(context).to receive(:err).with('Nothing returned')
+        expect(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: nil })
+        expect(context).to receive(:err).with('Nothing returned.')
         expect(result).to be_nil
       end
     end
 
     context 'when handling DateTimes' do
       before do
-        allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+        allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
         allow(JSON).to receive(:parse).with('DSC Data').and_return(parsed_invocation_data)
         allow(provider).to receive(:fetch_cached_hashes).and_return([])
       end
@@ -719,7 +719,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
       context 'when the credential is invalid' do
         before do
           allow(provider).to receive(:logon_failed_already?).and_return(false)
-          allow(ps_manager).to receive(:execute).with(script).and_return({ stdout: 'DSC Data' })
+          allow(ps_manager).to receive(:execute).with(script, nil).and_return({ stdout: 'DSC Data' })
           allow(JSON).to receive(:parse).with('DSC Data').and_return({ 'errormessage' => dsc_logon_failure_error })
           allow(context).to receive(:err).with(name_hash[:name], puppet_logon_failure_error)
         end
@@ -783,7 +783,7 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
     context 'when the invocation script returns nil' do
       it 'errors via context but does not raise' do
         expect(ps_manager).to receive(:execute).and_return({ stdout: nil })
-        expect(context).to receive(:err).with('Nothing returned')
+        expect(context).to receive(:err).with('Nothing returned.')
         expect { result }.not_to raise_error
       end
     end
@@ -835,9 +835,29 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
       end
     end
 
+    context 'when a dsc_timeout is specified' do
+      let(:should_hash) { name.merge(dsc_timeout: 5) }
+      let(:apply_props_with_timeout) { { dsc_name: 'foo', dsc_timeout: 5 } }
+      let(:resource_with_timeout) { "Resource: #{apply_props_with_timeout}" }
+      let(:script_with_timeout) { "Script: #{apply_props_with_timeout}" }
+
+      before do
+        allow(provider).to receive(:invocable_resource).with(apply_props_with_timeout, context, 'set').and_return(resource_with_timeout)
+        allow(provider).to receive(:ps_script_content).with(resource_with_timeout).and_return(script_with_timeout)
+        allow(provider).to receive(:remove_secret_identifiers).with(script_with_timeout).and_return(script_with_timeout)
+      end
+
+      it 'sets @timeout and passes it to ps_manager.execute' do
+        provider.instance_variable_set(:@timeout, nil)
+        expect(ps_manager).to receive(:execute).with(script_with_timeout, 5000).and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
+        provider.invoke_set_method(context, name, should_hash)
+        expect(provider.instance_variable_get(:@timeout)).to eq(5000)
+      end
+    end
+
     context 'when the invocation script returns data without errors' do
       it 'filters for the correct properties to invoke and returns the results' do
-        expect(ps_manager).to receive(:execute).with("Script: #{apply_props}").and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
+        expect(ps_manager).to receive(:execute).with("Script: #{apply_props}", nil).and_return({ stdout: '{"in_desired_state": true, "errormessage": null}' })
         expect(context).not_to receive(:err)
         expect(result).to eq({ 'in_desired_state' => true, 'errormessage' => nil })
       end
@@ -2110,21 +2130,44 @@ RSpec.describe Puppet::Provider::DscBaseProvider do
   end
 
   describe '.ps_manager' do
-    before do
-      allow(Pwsh::Manager).to receive(:powershell_path).and_return('pwsh')
-      allow(Pwsh::Manager).to receive(:powershell_args).and_return('args')
-    end
+    describe '.ps_manager on non-Windows' do
+      before do
+        allow(Pwsh::Util).to receive(:on_windows?).and_return(false)
+        allow(Pwsh::Manager).to receive(:pwsh_path).and_return('pwsh')
+        allow(Pwsh::Manager).to receive(:pwsh_args).and_return('args')
+      end
+
+      it 'Initializes an instance of the Pwsh::Manager' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
+        expect { provider.ps_manager }.not_to raise_error
+      end
 
-    it 'Initializes an instance of the Pwsh::Manager' do
-      expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
-      expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
-      expect { provider.ps_manager }.not_to raise_error
+      it 'passes debug as true if Puppet::Util::Log.level is debug' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
+        expect { provider.ps_manager }.not_to raise_error
+      end
     end
 
-    it 'passes debug as true if Puppet::Util::Log.level is debug' do
-      expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
-      expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
-      expect { provider.ps_manager }.not_to raise_error
+    describe '.ps_manager on Windows' do
+      before do
+        allow(Pwsh::Util).to receive(:on_windows?).and_return(true)
+        allow(Pwsh::Manager).to receive(:powershell_path).and_return('pwsh')
+        allow(Pwsh::Manager).to receive(:powershell_args).and_return('args')
+      end
+
+      it 'Initializes an instance of the Pwsh::Manager' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:normal)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: false)
+        expect { provider.ps_manager }.not_to raise_error
+      end
+
+      it 'passes debug as true if Puppet::Util::Log.level is debug' do
+        expect(Puppet::Util::Log).to receive(:level).and_return(:debug)
+        expect(Pwsh::Manager).to receive(:instance).with('pwsh', 'args', debug: true)
+        expect { provider.ps_manager }.not_to raise_error
+      end
     end
   end
 end

data/spec/unit/pwsh/util_spec.rb

@@ -87,13 +87,15 @@ RSpec.describe Pwsh::Util do
   end
 
   describe '.invalid_directories?' do
-    let(:valid_path_a)  { 'C:/some/folder' }
-    let(:valid_path_b)  { 'C:/another/folder' }
-    let(:valid_paths)   { 'C:/some/folder;C:/another/folder' }
-    let(:invalid_path)  { 'C:/invalid/path' }
-    let(:mixed_paths)   { 'C:/some/folder;C:/invalid/path;C:/another/folder' }
-    let(:empty_string)  { '' }
-    let(:empty_members) { 'C:/some/folder;;C:/another/folder' }
+    let(:valid_path_a)     { 'C:/some/folder' }
+    let(:valid_path_b)     { 'C:/another/folder' }
+    let(:valid_paths)      { 'C:/some/folder;C:/another/folder' }
+    let(:invalid_path)     { 'C:/invalid/path' }
+    let(:mixed_paths)      { 'C:/some/folder;C:/another/folder;C:/invalid/path' }
+    let(:empty_string)     { '' }
+    let(:file_path)        { 'C:/some/folder/file.txt' }
+    let(:non_existent_dir) { 'C:/some/dir/that/doesnt/exist' }
+    let(:empty_members)    { 'C:/some/folder;;C:/another/folder' }
 
     it 'returns false if passed nil' do
       expect(described_class.invalid_directories?(nil)).to be false
@@ -103,8 +105,16 @@ RSpec.describe Pwsh::Util do
       expect(described_class.invalid_directories?('')).to be false
     end
 
+    it 'returns true if a file path is provided' do
+      expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(file_path).and_return(true)
+      expect(File).to receive(:directory?).with(file_path).and_return(false)
+      expect(described_class.invalid_directories?(file_path)).to be true
+    end
+
     it 'returns false if one valid path is provided' do
       expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
       expect(described_class.invalid_directories?(valid_path_a)).to be false
     end
@@ -112,31 +122,56 @@ RSpec.describe Pwsh::Util do
     it 'returns false if a collection of valid paths is provided' do
       expect(described_class).to receive(:on_windows?).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_b).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_b).and_return(true)
       expect(described_class.invalid_directories?(valid_paths)).to be false
     end
 
     it 'returns true if there is only one path and it is invalid' do
       expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(invalid_path).and_return(true)
       expect(File).to receive(:directory?).with(invalid_path).and_return(false)
       expect(described_class.invalid_directories?(invalid_path)).to be true
     end
 
     it 'returns true if the collection has on valid and one invalid member' do
       expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_b).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_b).and_return(true)
+      expect(File).to receive(:exist?).with(invalid_path).and_return(true)
       expect(File).to receive(:directory?).with(invalid_path).and_return(false)
       expect(described_class.invalid_directories?(mixed_paths)).to be true
     end
 
     it 'returns false if collection has empty members but other entries are valid' do
       expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_b).and_return(true)
       expect(File).to receive(:directory?).with(valid_path_b).and_return(true)
       allow(File).to receive(:directory?).with('')
       expect(described_class.invalid_directories?(empty_members)).to be false
     end
+
+    it 'returns true if a collection has valid members but also contains a file path' do
+      expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:exist?).with(file_path).and_return(true)
+      expect(File).to receive(:directory?).with(file_path).and_return(false)
+      expect(described_class.invalid_directories?("#{valid_path_a};#{file_path}")).to be true
+    end
+
+    it 'returns false if a collection has valid members but contains a non-existent dir path' do
+      expect(described_class).to receive(:on_windows?).and_return(true)
+      expect(File).to receive(:exist?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:directory?).with(valid_path_a).and_return(true)
+      expect(File).to receive(:exist?).with(non_existent_dir).and_return(false)
+      expect(described_class.invalid_directories?("#{valid_path_a};#{non_existent_dir}")).to be false
+    end
   end
 
   describe '.snake_case' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-pwsh
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.1
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-02-21 00:00:00.000000000 Z
+date: 2024-09-20 00:00:00.000000000 Z
 dependencies: []
 description: PowerShell code manager for ruby.
 email: