puppetlabs/bolt

Error behavior when bolt can't sudo without askpass in `--run-as root` mode is confusing

zbentley opened this issue · 0 comments

zbentley commented

Describe the Bug

If I run bolt apply --target localhost --run-as root ... and the shell in which I'm running it does not have the ability to sudo without password, bolt fails without explaining why.

Expected Behavior

When bolt apply can't suid in --run-as root mode, a failure indicating what went wrong should be printed to the terminal.

Observed behavior:

> bolt apply --verbose --target localhost --run-as root --execute 'notice {"hello":}'
Starting: install puppet and gather facts on localhost
Finished: install puppet and gather facts with 1 failure in 0.0 sec
Starting: apply catalog on
Finished: apply catalog with 0 failures in 0.0 sec
Failed on 1 target: localhost
Ran on 1 target in 0.03 sec

If I grant the invoking terminal skip-askpass permission to sudo by running e.g. sudo echo and then re-running the above command, things work.

Steps to Reproduce

  1. Open a fresh terminal and verify that sudo echo prompts for password. Do not enter a password.
  2. Do bolt apply --verbose --target localhost --run-as root --execute 'notice {"hello":}'
  3. Observe that apply fails without any indication of why.

Environment

  • MacOS 14.
  • Bolt 3.27.4 installed via brew cask.

Additional Context

This should be an easy fix, since the error cause is visible in --log-level debug:

> bolt apply --log-level debug --target localhost --run-as root --execute 'notice {"hello":}'

Loaded project from '/Users/zac/Desktop/Projects/Personal/zbox'
Started with 100 max thread(s)
Loading modules from /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.4/bolt-modules:/Users/zac/Desktop/Projects/Personal/zbox/modules:/Users/zac/Desktop/Projects/Personal/zbox/.modules:/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.4/modules
Loaded inventory from /Users/zac/Desktop/Projects/Personal/zbox/inventory.yaml
CLI arguments ["run-as"] might be overridden by Inventory: /Users/zac/Desktop/Projects/Personal/zbox/inventory.yaml [ID: cli_overrides]
Did not find config for localhost in inventory
Starting: plan
Starting: install puppet and gather facts on localhost
Starting: install puppet and gather facts on localhost
Starting: task puppet_agent::install on localhost
Running task puppet_agent::install with '{"retry":5,"stop_service":true,"_task":"puppet_agent::install"}' on ["localhost"]
Running task 'puppet_agent::install' on localhost
{"target":"localhost","action":"task","object":null,"status":"failure","value":{"_error":{"details":{},"kind":"puppetlabs.tasks/escalate-error","msg":"Sudo password for user zac was not provided for localhost","issue_code":"NO_PASSWORD"}}}
Finished: task puppet_agent::install with 1 failure in 0.1 sec
Finished: install puppet and gather facts with 1 failure in 0.11 sec
Finished: install puppet and gather facts with 1 failure in 0.11 sec
Starting: apply catalog on
Starting: apply catalog on
Finished: apply catalog with 0 failures in 0.0 sec
Finished: apply catalog with 0 failures in 0.0 sec
Failed on 1 target: localhost
Ran on 1 target in 0.15 sec

The NO_PASSWORD log report should be surfaced more loudly in the apply failure output.